<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 03 Jul 2026 23:22:18 +0000</lastBuildDate>
    <item>
      <title>4bd04dac-dac6-4e0a-bc58-62fd55925d35</title>
      <link>https://vulnerability.circl.lu/sighting/4bd04dac-dac6-4e0a-bc58-62fd55925d35/export</link>
      <description>{"uuid": "4bd04dac-dac6-4e0a-bc58-62fd55925d35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-44962", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}</description>
      <content:encoded>{"uuid": "4bd04dac-dac6-4e0a-bc58-62fd55925d35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-44962", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4bd04dac-dac6-4e0a-bc58-62fd55925d35/export</guid>
      <pubDate>Thu, 19 Mar 2026 00:00:00 +0000</pubDate>
    </item>
    <item>
      <title>b77b25e2-35cd-421c-a475-dc66cd07e81c</title>
      <link>https://vulnerability.circl.lu/sighting/b77b25e2-35cd-421c-a475-dc66cd07e81c/export</link>
      <description>{"uuid": "b77b25e2-35cd-421c-a475-dc66cd07e81c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-44961", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}</description>
      <content:encoded>{"uuid": "b77b25e2-35cd-421c-a475-dc66cd07e81c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-44961", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b77b25e2-35cd-421c-a475-dc66cd07e81c/export</guid>
      <pubDate>Thu, 19 Mar 2026 00:00:00 +0000</pubDate>
    </item>
    <item>
      <title>097ae0a5-382e-41b5-aaba-5d2ce8adb75b</title>
      <link>https://vulnerability.circl.lu/sighting/097ae0a5-382e-41b5-aaba-5d2ce8adb75b/export</link>
      <description>{"uuid": "097ae0a5-382e-41b5-aaba-5d2ce8adb75b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-44963", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}</description>
      <content:encoded>{"uuid": "097ae0a5-382e-41b5-aaba-5d2ce8adb75b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-44963", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/097ae0a5-382e-41b5-aaba-5d2ce8adb75b/export</guid>
      <pubDate>Thu, 19 Mar 2026 00:00:00 +0000</pubDate>
    </item>
    <item>
      <title>650f9da1-40a2-429c-9a5b-03a2de6df926</title>
      <link>https://vulnerability.circl.lu/sighting/650f9da1-40a2-429c-9a5b-03a2de6df926/export</link>
      <description>{"uuid": "650f9da1-40a2-429c-9a5b-03a2de6df926", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-44963", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}</description>
      <content:encoded>{"uuid": "650f9da1-40a2-429c-9a5b-03a2de6df926", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-44963", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/650f9da1-40a2-429c-9a5b-03a2de6df926/export</guid>
      <pubDate>Wed, 03 Dec 2025 14:14:49 +0000</pubDate>
    </item>
    <item>
      <title>ee1bb83d-3067-4762-a571-9d30e372c0cd</title>
      <link>https://vulnerability.circl.lu/sighting/ee1bb83d-3067-4762-a571-9d30e372c0cd/export</link>
      <description>{"uuid": "ee1bb83d-3067-4762-a571-9d30e372c0cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44960", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}</description>
      <content:encoded>{"uuid": "ee1bb83d-3067-4762-a571-9d30e372c0cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44960", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ee1bb83d-3067-4762-a571-9d30e372c0cd/export</guid>
      <pubDate>Thu, 14 Aug 2025 10:00:00 +0000</pubDate>
    </item>
    <item>
      <title>26cf8daf-74fa-45a9-a89e-dcb880e93f61</title>
      <link>https://vulnerability.circl.lu/sighting/26cf8daf-74fa-45a9-a89e-dcb880e93f61/export</link>
      <description>{"uuid": "26cf8daf-74fa-45a9-a89e-dcb880e93f61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44965", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}</description>
      <content:encoded>{"uuid": "26cf8daf-74fa-45a9-a89e-dcb880e93f61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44965", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/26cf8daf-74fa-45a9-a89e-dcb880e93f61/export</guid>
      <pubDate>Thu, 14 Aug 2025 10:00:00 +0000</pubDate>
    </item>
    <item>
      <title>62d0f691-9fb0-4fa8-af78-6be45b6a4c7f</title>
      <link>https://vulnerability.circl.lu/sighting/62d0f691-9fb0-4fa8-af78-6be45b6a4c7f/export</link>
      <description>{"uuid": "62d0f691-9fb0-4fa8-af78-6be45b6a4c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44969", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}</description>
      <content:encoded>{"uuid": "62d0f691-9fb0-4fa8-af78-6be45b6a4c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44969", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/62d0f691-9fb0-4fa8-af78-6be45b6a4c7f/export</guid>
      <pubDate>Thu, 14 Aug 2025 10:00:00 +0000</pubDate>
    </item>
    <item>
      <title>88210a62-9b6e-4a63-a3ae-d519af553572</title>
      <link>https://vulnerability.circl.lu/sighting/88210a62-9b6e-4a63-a3ae-d519af553572/export</link>
      <description>{"uuid": "88210a62-9b6e-4a63-a3ae-d519af553572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44962", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16985", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44962\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\ud83d\udccf Published: 2024-09-04T18:35:59.990Z\n\ud83d\udccf Modified: 2025-05-20T14:27:38.644Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016\n2. https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b\n3. https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33", "creation_timestamp": "2025-05-20T14:40:45.000000Z"}</description>
      <content:encoded>{"uuid": "88210a62-9b6e-4a63-a3ae-d519af553572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44962", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16985", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44962\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\ud83d\udccf Published: 2024-09-04T18:35:59.990Z\n\ud83d\udccf Modified: 2025-05-20T14:27:38.644Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016\n2. https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b\n3. https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33", "creation_timestamp": "2025-05-20T14:40:45.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/88210a62-9b6e-4a63-a3ae-d519af553572/export</guid>
      <pubDate>Tue, 20 May 2025 14:40:45 +0000</pubDate>
    </item>
    <item>
      <title>89556c4a-85bf-4f89-a5a5-bf3d219b9ff2</title>
      <link>https://vulnerability.circl.lu/sighting/89556c4a-85bf-4f89-a5a5-bf3d219b9ff2/export</link>
      <description>{"uuid": "89556c4a-85bf-4f89-a5a5-bf3d219b9ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44963", "type": "seen", "source": "https://t.me/cvedetector/4850", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44963 - \"Btrfs Memory Leak BUG Abuse Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-44963 \nPublished : Sept. 4, 2024, 7:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbtrfs: do not BUG_ON() when freeing tree block after error  \n  \nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to  \ncreate a delayed reference we don't deal with the error and just do a  \nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a  \ncomment mentioning that only -ENOMEM can happen, but that is not true,  \nbecause in case qgroups are enabled any error returned from  \nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned  \nfrom btrfs_search_slot() for example) can be propagated back to  \nbtrfs_free_tree_block().  \n  \nSo stop doing a BUG_ON() and return the error to the callers and make  \nthem abort the transaction to prevent leaking space. Syzbot was  \ntriggering this, likely due to memory allocation failure injection. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T21:57:06.000000Z"}</description>
      <content:encoded>{"uuid": "89556c4a-85bf-4f89-a5a5-bf3d219b9ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44963", "type": "seen", "source": "https://t.me/cvedetector/4850", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44963 - \"Btrfs Memory Leak BUG Abuse Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-44963 \nPublished : Sept. 4, 2024, 7:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbtrfs: do not BUG_ON() when freeing tree block after error  \n  \nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to  \ncreate a delayed reference we don't deal with the error and just do a  \nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a  \ncomment mentioning that only -ENOMEM can happen, but that is not true,  \nbecause in case qgroups are enabled any error returned from  \nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned  \nfrom btrfs_search_slot() for example) can be propagated back to  \nbtrfs_free_tree_block().  \n  \nSo stop doing a BUG_ON() and return the error to the callers and make  \nthem abort the transaction to prevent leaking space. Syzbot was  \ntriggering this, likely due to memory allocation failure injection. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T21:57:06.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/89556c4a-85bf-4f89-a5a5-bf3d219b9ff2/export</guid>
      <pubDate>Wed, 04 Sep 2024 21:57:06 +0000</pubDate>
    </item>
    <item>
      <title>4a6da508-965e-44ef-a0a0-3593e1c416a6</title>
      <link>https://vulnerability.circl.lu/sighting/4a6da508-965e-44ef-a0a0-3593e1c416a6/export</link>
      <description>{"uuid": "4a6da508-965e-44ef-a0a0-3593e1c416a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44964", "type": "seen", "source": "https://t.me/cvedetector/4848", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44964 - Linux idpf Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-44964 \nPublished : Sept. 4, 2024, 7:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nidpf: fix memory leaks and crashes while performing a soft reset  \n  \nThe second tagged commit introduced a UAF, as it removed restoring  \nq_vector-&amp;gt;vport pointers after reinitializating the structures.  \nThis is due to that all queue allocation functions are performed here  \nwith the new temporary vport structure and those functions rewrite  \nthe backpointers to the vport. Then, this new struct is freed and  \nthe pointers start leading to nowhere.  \n  \nBut generally speaking, the current logic is very fragile. It claims  \nto be more reliable when the system is low on memory, but in fact, it  \nconsumes two times more memory as at the moment of running this  \nfunction, there are two vports allocated with their queues and vectors.  \nMoreover, it claims to prevent the driver from running into \"bad state\",  \nbut in fact, any error during the rebuild leaves the old vport in the  \npartially allocated state.  \nFinally, if the interface is down when the function is called, it always  \nallocates a new queue set, but when the user decides to enable the  \ninterface later on, vport_open() allocates them once again, IOW there's  \na clear memory leak here.  \n  \nJust don't allocate a new queue set when performing a reset, that solves  \ncrashes and memory leaks. Readd the old queue number and reopen the  \ninterface on rollback - that solves limbo states when the device is left  \ndisabled and/or without HW queues enabled. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T21:56:28.000000Z"}</description>
      <content:encoded>{"uuid": "4a6da508-965e-44ef-a0a0-3593e1c416a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44964", "type": "seen", "source": "https://t.me/cvedetector/4848", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44964 - Linux idpf Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-44964 \nPublished : Sept. 4, 2024, 7:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nidpf: fix memory leaks and crashes while performing a soft reset  \n  \nThe second tagged commit introduced a UAF, as it removed restoring  \nq_vector-&amp;gt;vport pointers after reinitializating the structures.  \nThis is due to that all queue allocation functions are performed here  \nwith the new temporary vport structure and those functions rewrite  \nthe backpointers to the vport. Then, this new struct is freed and  \nthe pointers start leading to nowhere.  \n  \nBut generally speaking, the current logic is very fragile. It claims  \nto be more reliable when the system is low on memory, but in fact, it  \nconsumes two times more memory as at the moment of running this  \nfunction, there are two vports allocated with their queues and vectors.  \nMoreover, it claims to prevent the driver from running into \"bad state\",  \nbut in fact, any error during the rebuild leaves the old vport in the  \npartially allocated state.  \nFinally, if the interface is down when the function is called, it always  \nallocates a new queue set, but when the user decides to enable the  \ninterface later on, vport_open() allocates them once again, IOW there's  \na clear memory leak here.  \n  \nJust don't allocate a new queue set when performing a reset, that solves  \ncrashes and memory leaks. Readd the old queue number and reopen the  \ninterface on rollback - that solves limbo states when the device is left  \ndisabled and/or without HW queues enabled. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T21:56:28.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4a6da508-965e-44ef-a0a0-3593e1c416a6/export</guid>
      <pubDate>Wed, 04 Sep 2024 21:56:28 +0000</pubDate>
    </item>
  </channel>
</rss>
