https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 10 May 2026 17:15:32 +0000 https://vulnerability.circl.lu/sighting/d6524a01-15c1-4e07-ae23-710cb62bfa8c/export {"uuid": "d6524a01-15c1-4e07-ae23-710cb62bfa8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57938", "type": "seen", "source": "https://t.me/cvedetector/15927", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57938 - Linux SCTP Integer Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-57938 \nPublished : Jan. 21, 2025, 12:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet/sctp: Prevent autoclose integer overflow in sctp_association_init() \n \nWhile by default max_autoclose equals to INT_MAX / HZ, one may set \nnet.sctp.max_autoclose to UINT_MAX. There is code in \nsctp_association_init() that can consequently trigger overflow. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T13:36:55.000000Z"} {"uuid": "d6524a01-15c1-4e07-ae23-710cb62bfa8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57938", "type": "seen", "source": "https://t.me/cvedetector/15927", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57938 - Linux SCTP Integer Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-57938 \nPublished : Jan. 21, 2025, 12:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet/sctp: Prevent autoclose integer overflow in sctp_association_init() \n \nWhile by default max_autoclose equals to INT_MAX / HZ, one may set \nnet.sctp.max_autoclose to UINT_MAX. There is code in \nsctp_association_init() that can consequently trigger overflow. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T13:36:55.000000Z"} https://vulnerability.circl.lu/sighting/d6524a01-15c1-4e07-ae23-710cb62bfa8c/export Tue, 21 Jan 2025 13:36:55 +0000 https://vulnerability.circl.lu/sighting/f6d7f2b8-c434-498f-9b4b-01041bea72e6/export {"uuid": "f6d7f2b8-c434-498f-9b4b-01041bea72e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57931", "type": "seen", "source": "https://t.me/cvedetector/15931", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57931 - Linux SELinux Unknown Extended Permissions Ignorance Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-57931 \nPublished : Jan. 21, 2025, 12:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nselinux: ignore unknown extended permissions \n \nWhen evaluating extended permissions, ignore unknown permissions instead \nof calling BUG(). This commit ensures that future permissions can be \nadded without interfering with older kernels. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T13:37:00.000000Z"} {"uuid": "f6d7f2b8-c434-498f-9b4b-01041bea72e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57931", "type": "seen", "source": "https://t.me/cvedetector/15931", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57931 - Linux SELinux Unknown Extended Permissions Ignorance Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-57931 \nPublished : Jan. 21, 2025, 12:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nselinux: ignore unknown extended permissions \n \nWhen evaluating extended permissions, ignore unknown permissions instead \nof calling BUG(). This commit ensures that future permissions can be \nadded without interfering with older kernels. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T13:37:00.000000Z"} https://vulnerability.circl.lu/sighting/f6d7f2b8-c434-498f-9b4b-01041bea72e6/export Tue, 21 Jan 2025 13:37:00 +0000 https://vulnerability.circl.lu/sighting/21c3887e-ff3d-4d5f-8cad-62fe4c6eb629/export {"uuid": "21c3887e-ff3d-4d5f-8cad-62fe4c6eb629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57930", "type": "seen", "source": "https://t.me/cvedetector/15930", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57930 - Linux Kernel Array Dereference Vulnerability in Tracing\", \n \"Content\": \"CVE ID : CVE-2024-57930 \nPublished : Jan. 21, 2025, 12:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ntracing: Have process_string() also allow arrays \n \nIn order to catch a common bug where a TRACE_EVENT() TP_fast_assign() \nassigns an address of an allocated string to the ring buffer and then \nreferences it in TP_printk(), which can be executed hours later when the \nstring is free, the function test_event_printk() runs on all events as \nthey are registered to make sure there's no unwanted dereferencing. \n \nIt calls process_string() to handle cases in TP_printk() format that has \n\"%s\". It returns whether or not the string is safe. But it can have some \nfalse positives. \n \nFor instance, xe_bo_move() has: \n \n TP_printk(\"move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s\", \n __entry->move_lacks_source ? \"yes\" : \"no\", __entry->bo, __entry->size, \n xe_mem_type_to_name[__entry->old_placement], \n xe_mem_type_to_name[__entry->new_placement], __get_str(device_id)) \n \nWhere the \"%s\" references into xe_mem_type_to_name[]. This is an array of \npointers that should be safe for the event to access. Instead of flagging \nthis as a bad reference, if a reference points to an array, where the \nrecord field is the index, consider it safe. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T13:37:00.000000Z"} {"uuid": "21c3887e-ff3d-4d5f-8cad-62fe4c6eb629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57930", "type": "seen", "source": "https://t.me/cvedetector/15930", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57930 - Linux Kernel Array Dereference Vulnerability in Tracing\", \n \"Content\": \"CVE ID : CVE-2024-57930 \nPublished : Jan. 21, 2025, 12:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ntracing: Have process_string() also allow arrays \n \nIn order to catch a common bug where a TRACE_EVENT() TP_fast_assign() \nassigns an address of an allocated string to the ring buffer and then \nreferences it in TP_printk(), which can be executed hours later when the \nstring is free, the function test_event_printk() runs on all events as \nthey are registered to make sure there's no unwanted dereferencing. \n \nIt calls process_string() to handle cases in TP_printk() format that has \n\"%s\". It returns whether or not the string is safe. But it can have some \nfalse positives. \n \nFor instance, xe_bo_move() has: \n \n TP_printk(\"move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s\", \n __entry->move_lacks_source ? \"yes\" : \"no\", __entry->bo, __entry->size, \n xe_mem_type_to_name[__entry->old_placement], \n xe_mem_type_to_name[__entry->new_placement], __get_str(device_id)) \n \nWhere the \"%s\" references into xe_mem_type_to_name[]. This is an array of \npointers that should be safe for the event to access. Instead of flagging \nthis as a bad reference, if a reference points to an array, where the \nrecord field is the index, consider it safe. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T13:37:00.000000Z"} https://vulnerability.circl.lu/sighting/21c3887e-ff3d-4d5f-8cad-62fe4c6eb629/export Tue, 21 Jan 2025 13:37:00 +0000 https://vulnerability.circl.lu/sighting/85a13528-1474-4895-b808-c5673405876a/export {"uuid": "85a13528-1474-4895-b808-c5673405876a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57932", "type": "seen", "source": "https://t.me/cvedetector/15932", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57932 - Apache Linux Kernel Divide By Zero and Null Pointer Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-57932 \nPublished : Jan. 21, 2025, 12:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ngve: guard XDP xmit NDO on existence of xdp queues \n \nIn GVE, dedicated XDP queues only exist when an XDP program is installed \nand the interface is up. As such, the NDO XDP XMIT callback should \nreturn early if either of these conditions are false. \n \nIn the case of no loaded XDP program, priv->num_xdp_queues=0 which can \ncause a divide-by-zero error, and in the case of interface down, \nnum_xdp_queues remains untouched to persist XDP queue count for the next \ninterface up, but the TX pointer itself would be NULL. \n \nThe XDP xmit callback also needs to synchronize with a device \ntransitioning from open to close. This synchronization will happen via \nthe GVE_PRIV_FLAGS_NAPI_ENABLED bit along with a synchronize_net() call, \nwhich waits for any RCU critical sections at call-time to complete. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T13:37:01.000000Z"} {"uuid": "85a13528-1474-4895-b808-c5673405876a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57932", "type": "seen", "source": "https://t.me/cvedetector/15932", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57932 - Apache Linux Kernel Divide By Zero and Null Pointer Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-57932 \nPublished : Jan. 21, 2025, 12:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ngve: guard XDP xmit NDO on existence of xdp queues \n \nIn GVE, dedicated XDP queues only exist when an XDP program is installed \nand the interface is up. As such, the NDO XDP XMIT callback should \nreturn early if either of these conditions are false. \n \nIn the case of no loaded XDP program, priv->num_xdp_queues=0 which can \ncause a divide-by-zero error, and in the case of interface down, \nnum_xdp_queues remains untouched to persist XDP queue count for the next \ninterface up, but the TX pointer itself would be NULL. \n \nThe XDP xmit callback also needs to synchronize with a device \ntransitioning from open to close. This synchronization will happen via \nthe GVE_PRIV_FLAGS_NAPI_ENABLED bit along with a synchronize_net() call, \nwhich waits for any RCU critical sections at call-time to complete. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T13:37:01.000000Z"} https://vulnerability.circl.lu/sighting/85a13528-1474-4895-b808-c5673405876a/export Tue, 21 Jan 2025 13:37:01 +0000 https://vulnerability.circl.lu/sighting/0272f08f-4511-4c9e-8cbb-8b53d8ce41b3/export {"uuid": "0272f08f-4511-4c9e-8cbb-8b53d8ce41b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57933", "type": "seen", "source": "https://t.me/cvedetector/15933", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57933 - Linux Kernel GVE XSK Queue Guard\", \n \"Content\": \"CVE ID : CVE-2024-57933 \nPublished : Jan. 21, 2025, 12:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ngve: guard XSK operations on the existence of queues \n \nThis patch predicates the enabling and disabling of XSK pools on the \nexistence of queues. As it stands, if the interface is down, disabling \nor enabling XSK pools would result in a crash, as the RX queue pointer \nwould be NULL. XSK pool registration will occur as part of the next \ninterface up. \n \nSimilarly, xsk_wakeup needs be guarded against queues disappearing \nwhile the function is executing, so a check against the \nGVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the \ndisabling of the bit and the synchronize_net() in gve_turndown. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T13:37:05.000000Z"} {"uuid": "0272f08f-4511-4c9e-8cbb-8b53d8ce41b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57933", "type": "seen", "source": "https://t.me/cvedetector/15933", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57933 - Linux Kernel GVE XSK Queue Guard\", \n \"Content\": \"CVE ID : CVE-2024-57933 \nPublished : Jan. 21, 2025, 12:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ngve: guard XSK operations on the existence of queues \n \nThis patch predicates the enabling and disabling of XSK pools on the \nexistence of queues. As it stands, if the interface is down, disabling \nor enabling XSK pools would result in a crash, as the RX queue pointer \nwould be NULL. XSK pool registration will occur as part of the next \ninterface up. \n \nSimilarly, xsk_wakeup needs be guarded against queues disappearing \nwhile the function is executing, so a check against the \nGVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the \ndisabling of the bit and the synchronize_net() in gve_turndown. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T13:37:05.000000Z"} https://vulnerability.circl.lu/sighting/0272f08f-4511-4c9e-8cbb-8b53d8ce41b3/export Tue, 21 Jan 2025 13:37:05 +0000 https://vulnerability.circl.lu/sighting/38a6f7d4-13fe-4d22-8144-7bf08f3d74d8/export {"uuid": "38a6f7d4-13fe-4d22-8144-7bf08f3d74d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57939", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgay2shdfz2e", "content": "", "creation_timestamp": "2025-01-21T13:39:29.104225Z"} {"uuid": "38a6f7d4-13fe-4d22-8144-7bf08f3d74d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57939", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgay2shdfz2e", "content": "", "creation_timestamp": "2025-01-21T13:39:29.104225Z"} https://vulnerability.circl.lu/sighting/38a6f7d4-13fe-4d22-8144-7bf08f3d74d8/export Tue, 21 Jan 2025 13:39:29 +0000 https://vulnerability.circl.lu/sighting/d133ca53-d0a2-4a4e-870e-b600b1af464b/export {"uuid": "d133ca53-d0a2-4a4e-870e-b600b1af464b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57931", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113866636248516929", "content": "", "creation_timestamp": "2025-01-21T13:43:04.205677Z"} {"uuid": "d133ca53-d0a2-4a4e-870e-b600b1af464b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57931", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113866636248516929", "content": "", "creation_timestamp": "2025-01-21T13:43:04.205677Z"} https://vulnerability.circl.lu/sighting/d133ca53-d0a2-4a4e-870e-b600b1af464b/export Tue, 21 Jan 2025 13:43:04 +0000 https://vulnerability.circl.lu/sighting/33b78c0a-4bfc-4b63-ba2e-0bf98de48e8d/export {"uuid": "33b78c0a-4bfc-4b63-ba2e-0bf98de48e8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57936", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113866740466951809", "content": "", "creation_timestamp": "2025-01-21T14:09:34.830463Z"} {"uuid": "33b78c0a-4bfc-4b63-ba2e-0bf98de48e8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57936", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113866740466951809", "content": "", "creation_timestamp": "2025-01-21T14:09:34.830463Z"} https://vulnerability.circl.lu/sighting/33b78c0a-4bfc-4b63-ba2e-0bf98de48e8d/export Tue, 21 Jan 2025 14:09:34 +0000 https://vulnerability.circl.lu/sighting/f68a18a0-cf1f-4507-b138-2a5688f6d0ee/export {"uuid": "f68a18a0-cf1f-4507-b138-2a5688f6d0ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57939", "type": "seen", "source": "https://t.me/cvedetector/15951", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57939 - RISC-V Linux Sleeping in Invalid Context Memory Corruption\", \n \"Content\": \"CVE ID : CVE-2024-57939 \nPublished : Jan. 21, 2025, 1:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nriscv: Fix sleeping in invalid context in die() \n \ndie() can be called in exception handler, and therefore cannot sleep. \nHowever, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. \nThat causes the following warning: \n \nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 \nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex \npreempt_count: 110001, expected: 0 \nRCU nest depth: 0, expected: 0 \nCPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234 \nHardware name: riscv-virtio,qemu (DT) \nCall Trace: \n dump_backtrace+0x1c/0x24 \n show_stack+0x2c/0x38 \n dump_stack_lvl+0x5a/0x72 \n dump_stack+0x14/0x1c \n __might_resched+0x130/0x13a \n rt_spin_lock+0x2a/0x5c \n die+0x24/0x112 \n do_trap_insn_illegal+0xa0/0xea \n _new_vmalloc_restore_context_a0+0xcc/0xd8 \nOops - illegal instruction [#1] \n \nSwitch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT \nenabled. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T15:17:35.000000Z"} {"uuid": "f68a18a0-cf1f-4507-b138-2a5688f6d0ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57939", "type": "seen", "source": "https://t.me/cvedetector/15951", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-57939 - RISC-V Linux Sleeping in Invalid Context Memory Corruption\", \n \"Content\": \"CVE ID : CVE-2024-57939 \nPublished : Jan. 21, 2025, 1:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nriscv: Fix sleeping in invalid context in die() \n \ndie() can be called in exception handler, and therefore cannot sleep. \nHowever, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. \nThat causes the following warning: \n \nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 \nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex \npreempt_count: 110001, expected: 0 \nRCU nest depth: 0, expected: 0 \nCPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234 \nHardware name: riscv-virtio,qemu (DT) \nCall Trace: \n dump_backtrace+0x1c/0x24 \n show_stack+0x2c/0x38 \n dump_stack_lvl+0x5a/0x72 \n dump_stack+0x14/0x1c \n __might_resched+0x130/0x13a \n rt_spin_lock+0x2a/0x5c \n die+0x24/0x112 \n do_trap_insn_illegal+0xa0/0xea \n _new_vmalloc_restore_context_a0+0xcc/0xd8 \nOops - illegal instruction [#1] \n \nSwitch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT \nenabled. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T15:17:35.000000Z"} https://vulnerability.circl.lu/sighting/f68a18a0-cf1f-4507-b138-2a5688f6d0ee/export Tue, 21 Jan 2025 15:17:35 +0000 https://vulnerability.circl.lu/sighting/8de5b4a4-d30f-4086-9dba-92651ebac8bb/export {"uuid": "8de5b4a4-d30f-4086-9dba-92651ebac8bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-57939", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} {"uuid": "8de5b4a4-d30f-4086-9dba-92651ebac8bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-57939", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} https://vulnerability.circl.lu/sighting/8de5b4a4-d30f-4086-9dba-92651ebac8bb/export Wed, 03 Dec 2025 14:14:49 +0000