Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 02 Jun 2026 01:10:31 +0000 19c0c89d-a82b-4105-a7ef-5c6f6da94f42 https://vulnerability.circl.lu/sighting/19c0c89d-a82b-4105-a7ef-5c6f6da94f42/export {"uuid": "19c0c89d-a82b-4105-a7ef-5c6f6da94f42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46701", "type": "seen", "source": "https://t.me/cvedetector/5566", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46701 - \"tmpfs Infinite Directory Read Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-46701 \nPublished : Sept. 13, 2024, 7:15 a.m. | 19\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nlibfs: fix infinite directory reads for offset dir \n \nAfter we switch tmpfs dir operations from simple_dir_operations to \nsimple_offset_dir_operations, every rename happened will fill new dentry \nto dest dir's maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free \nkey starting with octx->newx_offset, and then set newx_offset equals to \nfree key + 1. This will lead to infinite readdir combine with rename \nhappened at the same time, which fail generic/736 in xfstests(detail show \nas below). \n \n1. create 5000 files(1 2 3...) under one dir \n2. call readdir(man 3 readdir) once, and get one entry \n3. rename(entry, \"TEMPFILE\"), then rename(\"TEMPFILE\", entry) \n4. loop 2~3, until readdir return nothing or we loop too many \n times(tmpfs break test with the second condition) \n \nWe choose the same logic what commit 9b378f6ad48cf (\"btrfs: fix infinite \ndirectory reads\") to fix it, record the last_index when we open dir, and \ndo not emit the entry which index >= last_index. The file->private_data \nnow used in offset dir can use directly to do this, and we also update \nthe last_index when we llseek the dir file. \n \n[brauner: only update last_index after seek when offset is zero like Jan suggested] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T09:36:07.000000Z"} {"uuid": "19c0c89d-a82b-4105-a7ef-5c6f6da94f42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46701", "type": "seen", "source": "https://t.me/cvedetector/5566", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46701 - \"tmpfs Infinite Directory Read Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-46701 \nPublished : Sept. 13, 2024, 7:15 a.m. | 19\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nlibfs: fix infinite directory reads for offset dir \n \nAfter we switch tmpfs dir operations from simple_dir_operations to \nsimple_offset_dir_operations, every rename happened will fill new dentry \nto dest dir's maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free \nkey starting with octx->newx_offset, and then set newx_offset equals to \nfree key + 1. This will lead to infinite readdir combine with rename \nhappened at the same time, which fail generic/736 in xfstests(detail show \nas below). \n \n1. create 5000 files(1 2 3...) under one dir \n2. call readdir(man 3 readdir) once, and get one entry \n3. rename(entry, \"TEMPFILE\"), then rename(\"TEMPFILE\", entry) \n4. loop 2~3, until readdir return nothing or we loop too many \n times(tmpfs break test with the second condition) \n \nWe choose the same logic what commit 9b378f6ad48cf (\"btrfs: fix infinite \ndirectory reads\") to fix it, record the last_index when we open dir, and \ndo not emit the entry which index >= last_index. The file->private_data \nnow used in offset dir can use directly to do this, and we also update \nthe last_index when we llseek the dir file. \n \n[brauner: only update last_index after seek when offset is zero like Jan suggested] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T09:36:07.000000Z"} https://vulnerability.circl.lu/sighting/19c0c89d-a82b-4105-a7ef-5c6f6da94f42/export Fri, 13 Sep 2024 09:36:07 +0000