CVE-2025-21725

Title (es)
CVE-2025-21725

Thu, 27/02/2025 – 02:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-21725

Description (en)
In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix oops due to unset link speed

It isn't guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always
be set by the server, so the client must handle any values and then
prevent oopses like below from happening:

Oops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41
04/01/2014
RIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs]
Call Trace:
? __die_body.cold+0x19/0x27
? die+0x2e/0x50
? do_trap+0x159/0x1b0
? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]
? do_error_trap+0x90/0x130
? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]
? exc_divide_error+0x39/0x50
? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]
? asm_exc_divide_error+0x1a/0x20
? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]
? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]
? seq_read_iter+0x42e/0x790
seq_read_iter+0x19a/0x790
proc_reg_read_iter+0xbe/0x110
? __pfx_proc_reg_read_iter+0x10/0x10
vfs_read+0x469/0x570
? do_user_addr_fault+0x398/0x760
? __pfx_vfs_read+0x10/0x10
? find_held_lock+0x8a/0xa0
? __pfx_lock_release+0x10/0x10
ksys_read+0xd3/0x170
? __pfx_ksys_read+0x10/0x10
? __rcu_read_unlock+0x50/0x270
? mark_held_locks+0x1a/0x90
do_syscall_64+0xbb/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Fix this by setting cifs_server_iface::speed to a sane value (1Gbps)
by default when link speed is unset.

27/02/2025

27/02/2025

Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis

References

  • https://git.kernel.org/stable/c/208e102a2fca44e40a6c3f7b9e2609cfd17a15aa
  • https://git.kernel.org/stable/c/3f901c35e1a1b3ed1b528a17ffdb941aa0294458
  • https://git.kernel.org/stable/c/699179dfc8d7da457b152ca5d18ae45f9ed9beaa
  • https://git.kernel.org/stable/c/ad3b49fbdb156aa8ee2026ba590642c9b5a410f2
  • https://git.kernel.org/stable/c/be7a6a77669588bfa5022a470989702bbbb11e7f

CVE-2025-21726

Title (es)
CVE-2025-21726

Thu, 27/02/2025 – 02:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-21726

Description (en)
In the Linux kernel, the following vulnerability has been resolved:

padata: avoid UAF for reorder_work

Although the previous patch can avoid ps and ps UAF for _do_serial, it
can not avoid potential UAF issue for reorder_work. This issue can
happen just as below:

Contexts (the three columns of the original diagram), shown in time order:
A = crypto_request, B = crypto_request, C = crypto_del_alg

[A] padata_do_serial
      padata_reorder
        // processes all remaining
        // requests then breaks
        while (1) {
          if (!padata)
            break;
        }

[B] padata_do_serial
      // new request added
      list_add

[A]     // sees the new request
        queue_work(reorder_work)

[B]   padata_reorder
        queue_work_on(squeue->work)

[B] padata_serial_worker
      // completes new request,
      // no more outstanding
      // requests

[C] crypto_del_alg
      // free pd

[A]     invoke_padata_reorder
          // UAF of pd
To avoid UAF for 'reorder_work', get a 'pd' ref before putting 'reorder_work'
into the 'serial_wq', and put the 'pd' ref when the 'serial_wq' work finishes.

27/02/2025

27/02/2025

Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis

References

  • https://git.kernel.org/stable/c/6f45ef616775b0ce7889b0f6077fc8d681ab30bc
  • https://git.kernel.org/stable/c/7000507bb0d2ceb545c0a690e0c707c897d102c2
  • https://git.kernel.org/stable/c/8ca38d0ca8c3d30dd18d311f1a7ec5cb56972cac
  • https://git.kernel.org/stable/c/a54091c24220a4cd847d5b4f36d678edacddbaf0
  • https://git.kernel.org/stable/c/dd7d37ccf6b11f3d95e797ebe4e9e886d0332600

CVE-2025-21724

Title (es)
CVE-2025-21724

Thu, 27/02/2025 – 02:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-21724

Description (en)
In the Linux kernel, the following vulnerability has been resolved:

iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()

Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()
where shifting the constant "1" (of type int) by bitmap->mapped.pgshift
(an unsigned long value) could result in undefined behavior.

The constant "1" defaults to a 32-bit "int", and when "pgshift" exceeds
31 (e.g., pgshift = 63) the shift operation overflows, as the result
cannot be represented in a 32-bit type.

To resolve this, the constant is updated to "1UL", promoting it to an
unsigned long type to match the operand's type.

27/02/2025

27/02/2025

Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis

References

  • https://git.kernel.org/stable/c/38ac76fc06bc6826a3e4b12a98efbe98432380a9
  • https://git.kernel.org/stable/c/44d9c94b7a3f29a3e07c4753603a35e9b28842a3
  • https://git.kernel.org/stable/c/b1f8453b8ff1ab79a03820ef608256c499769cb6
  • https://git.kernel.org/stable/c/d5d33f01b86af44b23eea61ee309e4ef22c0cdfe
  • https://git.kernel.org/stable/c/e24c1551059268b37f6f40639883eafb281b8b9c

CVE-2024-50696

Title (es)
CVE-2024-50696

Wed, 26/02/2025 – 21:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-50696

Description (en)
SunGrow WiNet-S V200.001.00.P025 and earlier versions are missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on an attacker-controlled server.

26/02/2025

26/02/2025

Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis

References

  • https://en.sungrowpower.com/security-notice-detail-2/6140

CVE-2024-50693

Title (es)
CVE-2024-50693

Wed, 26/02/2025 – 21:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-50693

Description (en)
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService API model.

26/02/2025

26/02/2025

Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis

References

  • https://en.sungrowpower.com/security-notice-detail-2/6120

CVE-2024-50691

Title (es)
CVE-2024-50691

Wed, 26/02/2025 – 21:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-50691

Description (en)
SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from missing SSL certificate validation. The app explicitly ignores certificate errors and is vulnerable to MITM attacks. Attackers can impersonate the iSolarCloud server and communicate with the Android app.

26/02/2025

26/02/2025

Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis

References

  • https://en.sungrowpower.com/security-notice-detail-2/6124

CVE-2024-50689

Title (es)
CVE-2024-50689

Wed, 26/02/2025 – 21:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-50689

Description (en)
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model.

26/02/2025

26/02/2025

Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis

References

  • https://en.sungrowpower.com/security-notice-detail-2/6116

CVE-2024-57423

Title (es)
CVE-2024-57423

Wed, 26/02/2025 – 21:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-57423

Description (en)
A cross-site scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function.

26/02/2025

26/02/2025

Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis

References

  • https://github.com/harshad-alt/CVE/blob/main/CVE-2024-57423.md

CVE-2025-1728

Title (es)
CVE-2025-1728

Wed, 26/02/2025 – 22:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-1728

Description (en)
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

26/02/2025

26/02/2025

Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis

CVE-2024-57040

Title (es)
CVE-2024-57040

Wed, 26/02/2025 – 22:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-57040

Description (en)
TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain a hardcoded password for the root account which can be obtained via a brute force attack.

26/02/2025

26/02/2025

Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis

References

  • https://security.iiita.ac.in/iot/hashed_password.pdf