Commit
generated content from 2024-10-22
github-actions[bot] committed Oct 22, 2024
1 parent 56b26f2 commit 463c541
Showing 433 changed files with 9,936 additions and 0 deletions.
432 changes: 432 additions & 0 deletions mapping.csv

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--f7c63541-dd41-4d82-8fce-77de3895077d",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--013368c9-3094-484f-a560-9a0e7a6fcd6c",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:26.123511Z",
"modified": "2024-10-22T01:45:26.123511Z",
"name": "CVE-2024-47708",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetkit: Assign missing bpf_net_context\n\nDuring the introduction of struct bpf_net_context handling for\nXDP-redirect, the netkit driver has been missed, which also requires it\nbecause NETKIT_REDIRECT invokes skb_do_redirect() which is accessing the\nper-CPU variables. Otherwise we see the following crash:\n\n\tBUG: kernel NULL pointer dereference, address: 0000000000000038\n\tbpf_redirect()\n\tnetkit_xmit()\n\tdev_hard_start_xmit()\n\nSet the bpf_net_context before invoking netkit_xmit() program within the\nnetkit driver.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-47708"
}
]
}
]
}
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--3f61bea4-1cef-4f64-bbc6-3f10f3271a99",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--01dea0de-85e4-45c8-9228-336af2315297",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:27.285654Z",
"modified": "2024-10-22T01:45:27.285654Z",
"name": "CVE-2024-49933",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk_iocost: fix more out of bound shifts\n\nRecently running UBSAN caught few out of bound shifts in the\nioc_forgive_debts() function:\n\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38\nshift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long\nlong')\n...\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30\nshift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long\nlong')\n...\nCall Trace:\n<IRQ>\ndump_stack_lvl+0xca/0x130\n__ubsan_handle_shift_out_of_bounds+0x22c/0x280\n? __lock_acquire+0x6441/0x7c10\nioc_timer_fn+0x6cec/0x7750\n? blk_iocost_init+0x720/0x720\n? call_timer_fn+0x5d/0x470\ncall_timer_fn+0xfa/0x470\n? blk_iocost_init+0x720/0x720\n__run_timer_base+0x519/0x700\n...\n\nActual impact of this issue was not identified but I propose to fix the\nundefined behaviour.\nThe proposed fix to prevent those out of bound shifts consist of\nprecalculating exponent before using it the shift operations by taking\nmin value from the actual exponent and maximum possible number of bits.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-49933"
}
]
}
]
}
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--d7c2f2ae-e2ef-4fa2-9308-1eda7d2aced2",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--02093ad3-563e-4c9c-be6a-d80b1aa24e53",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:31.681561Z",
"modified": "2024-10-22T01:45:31.681561Z",
"name": "CVE-2022-48996",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes()\n\nCommit da87878010e5 (\"mm/damon/sysfs: support online inputs update\") made\n'damon_sysfs_set_schemes()' to be called for running DAMON context, which\ncould have schemes. In the case, DAMON sysfs interface is supposed to\nupdate, remove, or add schemes to reflect the sysfs files. However, the\ncode is assuming the DAMON context wouldn't have schemes at all, and\ntherefore creates and adds new schemes. As a result, the code doesn't\nwork as intended for online schemes tuning and could have more than\nexpected memory footprint. The schemes are all in the DAMON context, so\nit doesn't leak the memory, though.\n\nRemove the wrong asssumption (the DAMON context wouldn't have schemes) in\n'damon_sysfs_set_schemes()' to fix the bug.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2022-48996"
}
]
}
]
}
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--c5e46c9c-d15b-49e5-8c3e-ef18fe82a6a6",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--03f7ce9e-8290-4e2f-8a6c-8bffb6955e9c",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:26.20149Z",
"modified": "2024-10-22T01:45:26.20149Z",
"name": "CVE-2024-50035",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix ppp_async_encode() illegal access\n\nsyzbot reported an issue in ppp_async_encode() [1]\n\nIn this case, pppoe_sendmsg() is called with a zero size.\nThen ppp_async_encode() is called with an empty skb.\n\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\n ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4092 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n 
sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-50035"
}
]
}
]
}
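Review bot: the `created` and `modified` timestamps in this object (`2024-10-22T01:45:26.20149Z`) carry five fractional digits where the other objects in the commit carry six, which suggests the serializer trims trailing zeros from the fraction. STIX 2.1 requires `created` and `modified` to have at least millisecond precision (three fractional digits), so a value whose fraction happens to end in two or more zeros would be emitted with fewer than three digits and fail strict validation. Suggest formatting the timestamp with a fixed number of fractional digits (at least three) before serializing; the same trimmed form appears in the CVE-2022-48959 object later in this commit.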
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--876f7d29-987c-45fa-ac8f-452409e3a243",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--04c22b8c-3ca7-44a5-b427-baa283ab85c2",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:27.345258Z",
"modified": "2024-10-22T01:45:27.345258Z",
"name": "CVE-2024-49889",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid use-after-free in ext4_ext_show_leaf()\n\nIn ext4_find_extent(), path may be freed by error or be reallocated, so\nusing a previously saved *ppath may have been freed and thus may trigger\nuse-after-free, as follows:\n\next4_split_extent\n path = *ppath;\n ext4_split_extent_at(ppath)\n path = ext4_find_extent(ppath)\n ext4_split_extent_at(ppath)\n // ext4_find_extent fails to free path\n // but zeroout succeeds\n ext4_ext_show_leaf(inode, path)\n eh = path[depth].p_hdr\n // path use-after-free !!!\n\nSimilar to ext4_split_extent_at(), we use *ppath directly as an input to\next4_ext_show_leaf(). Fix a spelling error by the way.\n\nSame problem in ext4_ext_handle_unwritten_extents(). Since 'path' is only\nused in ext4_ext_show_leaf(), remove 'path' and use *ppath directly.\n\nThis issue is triggered only when EXT_DEBUG is defined and therefore does\nnot affect functionality.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-49889"
}
]
}
]
}
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--11b9a6db-517b-469f-9506-53eeba743a89",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--06ded6b7-5284-4e7a-8197-1e44588e562d",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:27.271809Z",
"modified": "2024-10-22T01:45:27.271809Z",
"name": "CVE-2024-49893",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check stream_status before it is used\n\n[WHAT & HOW]\ndc_state_get_stream_status can return null, and therefore null must be\nchecked before stream_status is used.\n\nThis fixes 1 NULL_RETURNS issue reported by Coverity.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-49893"
}
]
}
]
}
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--75f36e4c-4128-4a15-a76c-ae0e450b848f",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--06fdeb1c-0d06-4b7d-af51-293e97c373a2",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:27.198425Z",
"modified": "2024-10-22T01:45:27.198425Z",
"name": "CVE-2024-49885",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: avoid zeroing kmalloc redzone\n\nSince commit 946fa0dbf2d8 (\"mm/slub: extend redzone check to extra\nallocated kmalloc space than requested\"), setting orig_size treats\nthe wasted space (object_size - orig_size) as a redzone. However with\ninit_on_free=1 we clear the full object->size, including the redzone.\n\nAdditionally we clear the object metadata, including the stored orig_size,\nmaking it zero, which makes check_object() treat the whole object as a\nredzone.\n\nThese issues lead to the following BUG report with \"slub_debug=FUZ\ninit_on_free=1\":\n\n[ 0.000000] =============================================================================\n[ 0.000000] BUG kmalloc-8 (Not tainted): kmalloc Redzone overwritten\n[ 0.000000] -----------------------------------------------------------------------------\n[ 0.000000]\n[ 0.000000] 0xffff000010032858-0xffff00001003285f @offset=2136. First byte 0x0 instead of 0xcc\n[ 0.000000] FIX kmalloc-8: Restoring kmalloc Redzone 0xffff000010032858-0xffff00001003285f=0xcc\n[ 0.000000] Slab 0xfffffdffc0400c80 objects=36 used=23 fp=0xffff000010032a18 flags=0x3fffe0000000200(workingset|node=0|zone=0|lastcpupid=0x1ffff)\n[ 0.000000] Object 0xffff000010032858 @offset=2136 fp=0xffff0000100328c8\n[ 0.000000]\n[ 0.000000] Redzone ffff000010032850: cc cc cc cc cc cc cc cc ........\n[ 0.000000] Object ffff000010032858: cc cc cc cc cc cc cc cc ........\n[ 0.000000] Redzone ffff000010032860: cc cc cc cc cc cc cc cc ........\n[ 0.000000] Padding ffff0000100328b4: 00 00 00 00 00 00 00 00 00 00 00 00 ............\n[ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.11.0-rc3-next-20240814-00004-g61844c55c3f4 #144\n[ 0.000000] Hardware name: NXP i.MX95 19X19 board (DT)\n[ 0.000000] Call trace:\n[ 0.000000] dump_backtrace+0x90/0xe8\n[ 0.000000] show_stack+0x18/0x24\n[ 0.000000] dump_stack_lvl+0x74/0x8c\n[ 0.000000] dump_stack+0x18/0x24\n[ 
0.000000] print_trailer+0x150/0x218\n[ 0.000000] check_object+0xe4/0x454\n[ 0.000000] free_to_partial_list+0x2f8/0x5ec\n\nTo address the issue, use orig_size to clear the used area. And restore\nthe value of orig_size after clear the remaining area.\n\nWhen CONFIG_SLUB_DEBUG not defined, (get_orig_size()' directly returns\ns->object_size. So when using memset to init the area, the size can simply\nbe orig_size, as orig_size returns object_size when CONFIG_SLUB_DEBUG not\nenabled. And orig_size can never be bigger than object_size.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-49885"
}
]
}
]
}
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--50b1ebca-b1e4-4d0b-b2ed-0e9497f118fe",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--0763cf07-db47-47f6-83ce-2e15429919fe",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:27.317831Z",
"modified": "2024-10-22T01:45:27.317831Z",
"name": "CVE-2024-49877",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate\n\nWhen doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger\nNULL pointer dereference in the following ocfs2_set_buffer_uptodate() if\nbh is NULL.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-49877"
}
]
}
]
}
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--9c003b07-d97a-45f6-aec8-9b8f73ec8048",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--08fc0fae-9cb3-4309-a228-025ca51d56e4",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:31.66582Z",
"modified": "2024-10-22T01:45:31.66582Z",
"name": "CVE-2022-48959",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()\n\nWhen dsa_devlink_region_create failed in sja1105_setup_devlink_regions(),\npriv->regions is not released.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2022-48959"
}
]
}
]
}
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--ee92e900-6218-4404-9c44-376257df301f",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--094550fe-43a4-428a-b1c5-95ecfb51e0ba",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:27.316668Z",
"modified": "2024-10-22T01:45:27.316668Z",
"name": "CVE-2024-49945",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ncsi: Disable the ncsi work before freeing the associated structure\n\nThe work function can run after the ncsi device is freed, resulting\nin use-after-free bugs or kernel panic.",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-49945"
}
]
}
]
}
@@ -0,0 +1,22 @@
{
"type": "bundle",
"id": "bundle--fd330049-86f2-4c84-bb0d-f4d5de85ef1d",
"objects": [
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--0a868c2c-a8cf-4c94-b188-e6e617992d24",
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
"created": "2024-10-22T01:45:26.169783Z",
"modified": "2024-10-22T01:45:26.169783Z",
"name": "CVE-2024-50008",
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()\n\nReplace one-element array with a flexible-array member in\n`struct host_cmd_ds_802_11_scan_ext`.\n\nWith this, fix the following warning:\n\nelo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------\nelo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field \"ext_scan->tlv_buffer\" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1)\nelo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex]",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-50008"
}
]
}
]
}
0 comments on commit 463c541