CHK NVD : CVE-2024-44974 - 2866ea1e

[witchcraze]

[CVE Configuration Update Request] Update Suggestion - CVE-2024-44974 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2024-44974
https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2024-44974.yml
https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2024-44974.json

- CVE-2024-44974
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.226
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.167
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.109
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.10.0 up to (excluding) 6.10.7
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.11.0 up to (excluding) 6.11
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.48
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.226
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.167
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.109
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.10.7
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.11
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.48
- Reference (Commit)
  - mptcp: pm: avoid possible UaF when selecting endp
    - Fixed by
      - 5.10.226 (ddee5b4b6a1cc03c1e9921cf34382e094c2009f1)
      - 5.15.167 (f2c865e9e3ca44fc06b5f73b29a954775e4dbb38)
      - 6.1.109 (2b4f46f9503633dade75cb796dd1949d0e6581a1)
      - 6.10.7 (0201d65d9806d287a00e0ba96f0321835631f63f)
      - 6.11 (48e50dcbcbaaf713d82bf2da5c16aeced94ad07d) (upstream)
      - 6.6.48 (9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8)
    - Will be introduced by
      - 5.7 (01cacb00b35c)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2024-44974

URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:linux:linux_kernel:6.11:rc4
cpe:/o:linux:linux_kernel:6.11:rc3
cpe:/o:linux:linux_kernel:6.11:rc2
cpe:/o:linux:linux_kernel:6.11:rc1
cpe:/o:linux:linux_kernel		5.7	6.6.48
cpe:/o:linux:linux_kernel		6.7	6.10.7