Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56720)

bpf, sockmap: Several fixes to bpfmsgpopdata, 1. In skmsgshiftleft, it should putpage 2. if len == 0, returning early is better 3. pop the entire skmsg last == msg-sg.size should be supported 4. Fix for the value of variable a 5. In skmsgshiftleft, after shifting, it has already pointed to the ne...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56681)

crypto: bcm - add error check in the ahashhmacinit function The ahashinit functions may return fails. The ahashhmacinit should not return ok when ahashinit returns error. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46724)

drm/amdgpu: vulnerability in drm/amdgpu that involved an out-of-bounds read of dfv17channelnumber. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-44995)

net: hns3: a deadlock problem when config TC during resetting. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504604; scriptversion"1.3";...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56723)

mfd: intelsocpmicbxtwc: Use IRQ domain for PMIC devices. While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has inherited vulnerabilities. This was unveiled when platformgetirq had started WARN on IRQ 0 that is supposed to be a...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46721)

apparmor: fix possible NULL pointer dereference. profile-parent-dentsAAFSPROFDIR could be NULL only if its parent is made from createmissingancestors.. and 'ent-old' is NULL in aareplaceprofiles... In that case, it must return an error code and the code, -ENOENT represents its state that the path...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-53181)

um: vector: The drvdata is not available in release This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504579; scriptversion"1.2";...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-45003)

vfs: Some filesystemseg. ext4 with eainode feature, ubifs with xattr may do inode lookup in the inode evicting callback function, if the inode lookup is operated under the inode lru traversing context, deadlock problems may happen. This plugin only works with Tenable.ot. Please visit...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-49983)

ext4: When calling ext4forcesplitextentat in ext4extreplayupdateex, the 'ppath' is updated but it is the 'path' that is freed, thus potentially triggering a double-free. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46781)

nilfs2: vulnerability involves a use-after-free bug during mount-time recovery, where inodes with recovered data are not freed if an error occurs before the log writer starts, leading to potential memory issues. This plugin only works with Tenable.ot. Please visit...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56724)

mfd: intelsocpmicbxtwc: Use IRQ domain for TMU device. While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has inherited vulnerability. This was unveiled when platformgetirq had started WARN on IRQ 0 that is supposed to be a Lin...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50202)

nilfs2: propagate directory read errors from nilfsfindentry. A task hang occurs in vcsopen during a fuzzing test for nilfs2. The root cause of this problem is that in nilfsfindentry, which searches for directory entries, ignores errors when loading a directory page/folio via nilfsgetfolio fails. ...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56705)

media: atomisp: In iacss3astatisticsallocate, there is no check on the allocation result of the rgbydata memory. If rgbydata is not successfully allocated, it may trigger the asserthoststats-rgbydata assertion in iacsss3ahmemdecode. This plugin only works with Tenable.ot. Please visit...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-42224)

net: dsa: mv88e6xxx: wrong check on empty list. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504568; scriptversion"1.2";...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46840)

btrfs: clean up our handling of refs == 0 in snapshot delete. In reada we BUGONrefs == 0, which may be problematic because there is no lock on the extent leave, potentially leading to a transient incorrect answer. In walkdownproc, BUGONrefs == 0 is also used, which could occur due to extent tree...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46782)

ila: call nfunregisternethooks use-after-free Read in ilanfinput. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504764; scriptversion"1.3";...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56643)

dccp: vulnerability in DCCP Datagram Congestion Control Protocol involves a memory leak in dccpfeatchangerecv where memory allocated for a new SP feature value is not freed if dccpfeatpushconfirm fails, leading to potential resource exhaustion. This plugin only works with Tenable.ot. Please visit...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50268)

usb: typec: fix potential out of bounds in ucsiccgupdatesetnewcamcmd. The cmd variable can be controlled by the user via debugfs. That means newcam can be as high as 255 while the size of the uc-updated array is UCSIMAXALTMODES 30. The call tree is: ucsicmd // val comes from simpleattrwritexsigne...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56593)

wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglistrw. This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sdsgentryalign' value applies e.g. 512 and a lot of queued SKBs are sent from the pkt queue. This plugin only works with Tenable.ot...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46740)

binder: UAF caused by offsets overwrite. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504456; scriptversion"1.2";...