{"vulnerability": "CVE-2024-2201", "sightings": [{"uuid": "d9da3146-a2a8-4a2e-8032-85738dfea473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22017", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "b1804fbf-d2d4-43d4-ba33-888567ed7686", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "87d2839b-96f0-4fec-8586-71fd97a17cf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2201", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113681389663944812", "content": "", "creation_timestamp": "2024-12-19T20:32:25.753137Z"}, {"uuid": "f2074af3-fef2-4033-962e-d7c111ca7c5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2201", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldos6aifws2z", "content": "", "creation_timestamp": "2024-12-19T21:15:46.638757Z"}, {"uuid": "8a2942bc-f1c6-4ea0-8ccc-4bfca35c98a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-22018", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "a2fa524c-cf2b-4b51-b03e-ce66e2407079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "seen", "source": "https://gist.github.com/Darkcrai86/548c952e45379d1ea22232f45faf68f3", "content": "", "creation_timestamp": "2025-11-13T18:16:17.000000Z"}, {"uuid": "55003cd7-a9a0-4705-bbf9-6d347c395099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-09", "content": "", "creation_timestamp": "2025-11-13T11:00:00.000000Z"}, {"uuid": "20bb376b-3f97-4cb4-8a47-de3467d4f62a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2201", "type": "published-proof-of-concept", "source": "https://t.me/itsec_news/4303", "content": "\u200b\u26a1\ufe0fNative BHI: \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0434\u0430\u043d\u043d\u044b\u043c \u044f\u0434\u0440\u0430 Linux \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u0445 \u0441 Intel\n\n\ud83d\udcac \u0423\u0447\u0435\u043d\u044b\u0435 \u0438\u0437 \u0410\u043c\u0441\u0442\u0435\u0440\u0434\u0430\u043c\u0441\u043a\u043e\u0433\u043e \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u043e\u0432\u0443\u044e \u043c\u0435\u0442\u043e\u0434\u0438\u043a\u0443 \u0430\u0442\u0430\u043a\u0438 Native BHI, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0445\u0430\u043a\u0435\u0440\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0430\u043d\u043d\u044b\u043c \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u044f\u0434\u0440\u0430 Linux \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u0445 \u0441 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u043c\u0438 Intel. \u041c\u0435\u0442\u043e\u0434 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043e\u043f\u0430\u0441\u0435\u043d \u0432 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u0443\u0442\u044c \u0432 \u043f\u0430\u043c\u044f\u0442\u044c \u0445\u043e\u0441\u0442\u0430 \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u0438\u0437 \u0441\u0432\u043e\u0435\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b.\n\nNative BHI (CVE-2024-2201) \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0443\u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 BHI (Branch History Injection) CVE-2022-0001, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 2022 \u0433\u043e\u0434\u0443. \u0412 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u0445\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 eBPF \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0432 \u044f\u0434\u0440\u0435 \u0434\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438, \u043d\u043e\u0432\u044b\u0439 \u043c\u0435\u0442\u043e\u0434 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0442\u0430\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d \u043b\u044e\u0431\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u0422\u0435\u0445\u043d\u0438\u043a\u0430 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u0430 \u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0435\u0439 \u043a\u043e\u043c\u0430\u043d\u0434 (\u0433\u0430\u0434\u0436\u0435\u0442\u043e\u0432) \u0432 \u043a\u043e\u0434\u0435 \u044f\u0434\u0440\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442 \u0441\u043f\u0435\u043a\u0443\u043b\u044f\u0442\u0438\u0432\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0439 (Speculative execution). \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0441\u043e\u0437\u0434\u0430\u043b\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 InSpectre Gadget, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0432 \u044f\u0434\u0440\u0435 6.6-rc4 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0442\u0430\u043a\u0438\u0445 \u0433\u0430\u0434\u0436\u0435\u0442\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (\u0445\u044d\u0448\u0438 \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0438\u0437 \u0444\u0430\u0439\u043b\u0430 /etc/shadow), \u0441\u043e \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u044c\u044e \u043e\u043a\u043e\u043b\u043e 3.5 \u041a\u0431/\u0441.\n\nBHI \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0440\u0430\u0437\u043d\u043e\u0432\u0438\u0434\u043d\u043e\u0441\u0442\u044c\u044e \u0430\u0442\u0430\u043a\u0438 Spectre-v2, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u043e\u0431\u0445\u043e\u0434 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0445 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 \u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c. \u041e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u0438\u0434\u0435\u044f \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0432 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0438\u0441\u0442\u043e\u0440\u0438\u0435\u0439 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u043d\u044b\u0445 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u043e\u0432 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0435 \u0434\u043b\u044f \u0432\u044b\u0437\u043e\u0432\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u043f\u0435\u043a\u0443\u043b\u044f\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0437 \u043a\u044d\u0448\u0430. \u042d\u0442\u043e \u0434\u043e\u0441\u0442\u0438\u0433\u0430\u0435\u0442\u0441\u044f \u0437\u0430 \u0441\u0447\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u0431\u0443\u0444\u0435\u0440 \u0441 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u0441\u0442\u043e\u0440\u0438\u0435\u0439 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u043e\u0432, \u0447\u0442\u043e \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u043e\u0442 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0435\u0439 \u0430\u0442\u0430\u043a\u0438 Spectre, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u0439 \u0431\u0443\u0444\u0435\u0440 \u043f\u0440\u0435\u0434\u0441\u043a\u0430\u0437\u0430\u043d\u0438\u044f \u0432\u0435\u0442\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0422\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0437\u0430\u0449\u0438\u0442\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 Intel IBT (Indirect Branch Tracking) \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0439 \u0433\u0438\u0431\u0440\u0438\u0434 FineIBT, \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u0441\u0442\u043e\u044f\u0442\u044c \u043d\u043e\u0432\u043e\u043c\u0443 \u043c\u0435\u0442\u043e\u0434\u0443 \u0430\u0442\u0430\u043a\u0438. \u0412 \u043e\u0442\u0432\u0435\u0442 \u043d\u0430 \u044d\u0442\u043e, \u0432 \u044f\u0434\u0440\u0435 Linux \u0431\u044b\u043b\u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u044b \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u0437\u0430\u0449\u0438\u0442\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 Intel (BHI_DIS_S) \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 KVM. \u0422\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 \u044f\u0434\u0440\u0430 Linux (6.8.5, 6.6.26, 6.1.85 \u0438 5.15.154) \u0438 \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 Xen, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0435 \u043d\u043e\u0432\u044b\u0435 \u043c\u0435\u0440\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0414\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0430 \u043d\u043e\u0432\u0435\u0439\u0448\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 Intel \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e\u0442\u0441\u044f \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0435 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b, \u0430 \u0434\u043b\u044f \u0441\u0442\u0430\u0440\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u044b \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b, \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u044e\u0449\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430. \u042d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0438 \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043c\u0435\u0440 \u0437\u0430\u0449\u0438\u0442\u044b \u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u043a\u0430 \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-04-11T10:54:16.000000Z"}, {"uuid": "93201951-0971-49df-a54b-318f3f15ec1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22018", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14198", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-22018\n\ud83d\udd25 CVSS Score: 2.9 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.\n\ud83d\udccf Published: 2024-07-10T01:00:12.747Z\n\ud83d\udccf Modified: 2025-04-30T22:25:19.795Z\n\ud83d\udd17 References:\n1. https://hackerone.com/reports/2145862\n2. http://www.openwall.com/lists/oss-security/2024/07/11/6\n3. http://www.openwall.com/lists/oss-security/2024/07/19/3", "creation_timestamp": "2025-04-30T23:14:39.000000Z"}, {"uuid": "1d55e41c-3570-498f-924e-d2995a68dca0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22017", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14203", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-22017\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L)\n\ud83d\udd39 Description: setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.\n\ud83d\udccf Published: 2024-03-19T04:32:34.137Z\n\ud83d\udccf Modified: 2025-04-30T22:25:14.211Z\n\ud83d\udd17 References:\n1. https://hackerone.com/reports/2170226\n2. http://www.openwall.com/lists/oss-security/2024/03/11/1\n3. https://security.netapp.com/advisory/ntap-20240517-0007/", "creation_timestamp": "2025-04-30T23:14:47.000000Z"}, {"uuid": "99508dab-4b04-4593-92d0-2ac3771d7fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14205", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-22019\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.\n\ud83d\udccf Published: 2024-02-20T01:31:08.092Z\n\ud83d\udccf Modified: 2025-04-30T22:25:12.463Z\n\ud83d\udd17 References:\n1. https://hackerone.com/reports/2233486\n2. https://security.netapp.com/advisory/ntap-20240315-0004/\n3. http://www.openwall.com/lists/oss-security/2024/03/11/1", "creation_timestamp": "2025-04-30T23:14:52.000000Z"}, {"uuid": "675b0eb8-be40-4397-a4db-63811b06688e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22018", "type": "seen", "source": "https://t.me/cvedetector/495", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-22018 - A vulnerability has been identified in Node.js, af\", \n  \"Content\": \"CVE ID : CVE-2024-22018 \nPublished : July 10, 2024, 2:15 a.m. | 18\u00a0minutes ago \nDescription : A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.  \nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.  \nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.  \nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. \nSeverity: 2.9 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T04:38:04.000000Z"}, {"uuid": "9543a063-d511-4bf4-ab4d-5bda62c90eea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22011", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8980", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-22011\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\ud83d\udccf Published: 2024-03-11T18:55:35.717Z\n\ud83d\udccf Modified: 2025-03-26T21:13:25.879Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2024-03-01", "creation_timestamp": "2025-03-26T21:25:45.000000Z"}, {"uuid": "f5af2bce-0ad1-4c94-bfdc-281f00f9c3b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22011", "type": "seen", "source": "Telegram/y9ysFBzGNUDmgUJ6jvgmWCz6FRKow6uoCOgBONPZQ3fQdSbT", "content": "", "creation_timestamp": "2025-02-18T21:11:31.000000Z"}, {"uuid": "c2a340e1-b072-4911-8db9-95b1e4dd0641", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22013", "type": "seen", "source": "https://t.me/cvedetector/5766", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-22013 - Cisco U-Boot Environment Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-22013 \nPublished : Sept. 16, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : U-Boot environment is read from unauthenticated partition. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-16T22:53:28.000000Z"}, {"uuid": "491fed07-d6e1-4786-ada9-9a2d107b5040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2201", "type": "seen", "source": "https://t.me/cvedetector/13373", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-2201 - Intel Linux Kernel Cross-Privilege Spectre v2 Leak\", \n  \"Content\": \"CVE ID : CVE-2024-2201 \nPublished : Dec. 19, 2024, 9:15 p.m. | 40\u00a0minutes ago \nDescription : A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T23:10:57.000000Z"}, {"uuid": "f166180e-9b7a-4840-85df-7285e70970cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22017", "type": "seen", "source": "https://t.me/ctinow/211183", "content": "https://ift.tt/rSwEqKX\nCVE-2024-22017", "creation_timestamp": "2024-03-19T06:26:54.000000Z"}, {"uuid": "578665c3-01cf-4023-af4d-4f74de1e5498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "seen", "source": "https://t.me/arpsyndicate/4534", "content": "#ExploitObserverAlert\n\nCVE-2024-22019\n\nDESCRIPTION: Exploit Observer has 13 entries in 2 file formats related to CVE-2024-22019. A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.\n\nFIRST-EPSS: 0.000430000\nARPS-EXPLOITABILITY: 0.5817243", "creation_timestamp": "2024-04-12T06:02:54.000000Z"}, {"uuid": "e715eba5-b35b-4f85-8f43-91f6050988b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "seen", "source": "https://t.me/arpsyndicate/3700", "content": "#ExploitObserverAlert\n\nCVE-2024-22019\n\nDESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-22019. A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-21T06:53:10.000000Z"}, {"uuid": "09877695-84e0-4f6e-9da9-89384da5eea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2201", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5627", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 VUSec \u0438\u0437 \u0410\u043c\u0441\u0442\u0435\u0440\u0434\u0430\u043c\u0441\u043a\u043e\u0433\u043e \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430\u00a0\u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u0430\u0442\u0430\u043a\u0438 Spectre v2, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u043d\u0430 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 Intel, \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043f\u0435\u043a\u0443\u043b\u044f\u0442\u0438\u0432\u043d\u043e\u0439 \u0443\u044f\u0432\u0437\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0431\u043e\u0447\u043d\u043e\u0433\u043e \u043a\u0430\u043d\u0430\u043b\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f CVE-2024-2201.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0442 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0435 \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b, \u043d\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0431\u044b\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b \u0432 2018 \u0433\u043e\u0434\u0443 Spectre \u0438 Meltdown.\n\n\u0410\u0442\u0430\u043a\u0438 \u0432 \u0441\u0442\u0438\u043b\u0435 Spectre \u043e\u0431\u044b\u0447\u043d\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u0438\u043c\u0435\u044e\u0449\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438\u0437 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0446\u0435\u043d\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0442\u0430\u043a\u0443\u044e \u043a\u0430\u043a \u043a\u043b\u044e\u0447\u0438 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u043f\u0430\u0440\u043e\u043b\u0438.\n\n\u0412 2022 \u0433\u043e\u0434\u0443 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 VU Amsterdam \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043b\u0438\u00a0\u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435 Spectre v2, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0435\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Branch History Injection (BHI), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0448\u0443\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u043e\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0433\u043e\u0440\u0430\u0437\u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439, \u0447\u0435\u043c \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0438.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0436\u0435 VUSec \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u043b\u0430 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043d\u043e\u0432\u043e\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f, \u0447\u0430\u0441\u0442\u0438\u0447\u043d\u043e \u0444\u0438\u043d\u0430\u043d\u0441\u0438\u0440\u0443\u0435\u043c\u043e\u0433\u043e Intel, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0432\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 Spectre-v2, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 \u044f\u0434\u0440\u043e Linux.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430\u0433\u043b\u044f\u0434\u043d\u043e \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0430 \u044d\u0444\u0444\u0435\u043a\u0442\u043d\u0430 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u043d\u043e\u0432\u0435\u0439\u0448\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 Intel \u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0443\u0442\u0435\u0447\u043a\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u044f\u0434\u0440\u0430 \u0441\u043e \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u044c\u044e 3,5 \u041a\u0431\u0438\u0442/\u0441\u0435\u043a.\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 Spectre v2 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0432\u044b\u043d\u0443\u0436\u0434\u0430\u0435\u0442 \u044f\u0434\u0440\u043e \u0441\u043f\u0435\u043a\u0443\u043b\u044f\u0442\u0438\u0432\u043d\u043e \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a \u0442\u0430\u043a \u043d\u0430\u0437\u044b\u0432\u0430\u0435\u043c\u043e\u043c\u0443 \u0433\u0430\u0434\u0436\u0435\u0442\u0443, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443. \u0410\u0442\u0430\u043a\u0438 \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u0433\u0430\u0434\u0436\u0435\u0442\u043e\u0432 \u044f\u0434\u0440\u0430\n\n\u041d\u043e VUSec \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u043d\u043e\u0432\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c InSpectre Gadget, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u044f\u0432\u043b\u044f\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u0433\u0430\u0434\u0436\u0435\u0442\u044b \u044f\u0434\u0440\u0430 Linux \u0434\u043b\u044f \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u0430\u0442\u0430\u043a\u0435.\n\n\u041f\u043e \u0438\u0442\u043e\u0433\u0443, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u043d\u0430\u0433\u043b\u044f\u0434\u043d\u043e \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u044c, \u043a\u0430\u043a \u043d\u043e\u0432\u0430\u044f \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430 BHI \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0445\u0435\u0448\u0430 \u043f\u0430\u0440\u043e\u043b\u044f root \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 Intel Core 13-\u0433\u043e \u043f\u043e\u043a\u043e\u043b\u0435\u043d\u0438\u044f.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Intel \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e\u00a0\u0434\u043b\u044f BHI, \u043f\u043e\u0434\u0435\u043b\u0438\u0432\u0448\u0438\u0441\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e \u043c\u0435\u0442\u043e\u0434\u0430\u0445 \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u044b \u043c\u043e\u0433\u0443\u0442 \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c.\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0438\u043b\u044c\u0442\u0440\u0430 eBPF, \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u0443\u044e \u0441\u043f\u0435\u043a\u0443\u043b\u044f\u0446\u0438\u044e \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0441\u0432\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0442\u0432\u0435\u0439 (eIBRS) \u0438 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0441\u0443\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 (SMEP).\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Intel \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0442\u044c \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 LFENCE (Load Fence) \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0441\u0442\u0430 \u043a\u043e\u0434\u0430, \u0447\u0442\u043e\u0431\u044b \u043e\u043d\u0438 \u0441\u043b\u0443\u0436\u0438\u043b\u0438 \u0442\u043e\u0447\u043a\u0430\u043c\u0438 \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438, \u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0447\u0438\u0449\u0430\u044e\u0442 \u0431\u0443\u0444\u0435\u0440 \u0438\u0441\u0442\u043e\u0440\u0438\u0438 \u0432\u0435\u0442\u0432\u0435\u0439 (BHB) \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u043e\u0432 \u043c\u0435\u0436\u0434\u0443 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u0434\u043e\u043c\u0435\u043d\u0430\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0437\u0430\u0432\u0435\u0440\u0438\u043b, \u0447\u0442\u043e \u0431\u0443\u0434\u0443\u0449\u0438\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u044b \u0431\u0443\u0434\u0443\u0442 \u0432\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0432 \u0441\u0435\u0431\u044f \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e BHI \u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0434\u0440\u0443\u0433\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441\u043f\u0435\u043a\u0443\u043b\u044f\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f.", "creation_timestamp": "2024-04-11T16:46:05.000000Z"}, {"uuid": "32e164ff-0fd3-4c48-a3b2-4c7012708128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22017", "type": "seen", "source": "https://t.me/ctinow/211179", "content": "https://ift.tt/rSwEqKX\nCVE-2024-22017", "creation_timestamp": "2024-03-19T06:26:47.000000Z"}, {"uuid": "85206c82-2c2d-4a08-aa0c-aedf17e7dfe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "seen", "source": "https://t.me/ctinow/203200", "content": "https://ift.tt/FPsWSc2\nCVE-2024-22019 | Node.js HTTP Request denial of service", "creation_timestamp": "2024-03-08T10:22:16.000000Z"}, {"uuid": "d1b1c90b-e6f8-4d9c-ad68-12caf32dc3c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22012", "type": "seen", "source": "https://t.me/ctinow/197976", "content": "https://ift.tt/0Rjho9b\nCVE-2024-22012 | Google Android kernel out-of-bounds write", "creation_timestamp": "2024-03-01T20:46:43.000000Z"}, {"uuid": "8eaa3409-1e46-4776-b8a1-99bb92b1b683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "seen", "source": "https://t.me/ctinow/188075", "content": "https://ift.tt/mZAVQrM\nCVE-2024-22019", "creation_timestamp": "2024-02-20T03:31:52.000000Z"}, {"uuid": "f2f4642a-8afe-4471-aba5-5b7a4c690b24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "seen", "source": "https://t.me/ctinow/188084", "content": "https://ift.tt/mZAVQrM\nCVE-2024-22019", "creation_timestamp": "2024-02-20T03:32:06.000000Z"}, {"uuid": "b0383b04-419a-4321-bb97-08db1abba22d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "seen", "source": "https://t.me/ctinow/186578", "content": "https://ift.tt/t3ySqwK\nCVE-2024-22019", "creation_timestamp": "2024-02-16T19:02:04.000000Z"}, {"uuid": "ffb20b1f-6d2e-4b43-8c0c-9fb5ff791224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22012", "type": "seen", "source": "https://t.me/ctinow/180839", "content": "https://ift.tt/B83YThr\nCVE-2024-22012", "creation_timestamp": "2024-02-07T17:22:06.000000Z"}, {"uuid": "b6e1e8ef-ece0-4ca5-aeb7-db5101392ff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22016", "type": "seen", "source": "https://t.me/ctinow/177978", "content": "https://ift.tt/hDsIrHP\nCVE-2024-22016 | Rapid SCADA up to 5.8.4 permission assignment (icsa-24-011-03)", "creation_timestamp": "2024-02-02T08:36:43.000000Z"}, {"uuid": "b16cad72-a4c4-4757-8bc9-ed63543b078a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22011", "type": "seen", "source": "https://t.me/ctinow/205031", "content": "https://ift.tt/rtG5hUn\nCVE-2024-22011", "creation_timestamp": "2024-03-11T20:26:50.000000Z"}, {"uuid": "8d4a1860-f3f3-4878-a180-65f9bbf0b2b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22010", "type": "seen", "source": "https://t.me/ctinow/205030", "content": "https://ift.tt/npf8HGc\nCVE-2024-22010", "creation_timestamp": "2024-03-11T20:26:49.000000Z"}, {"uuid": "196b6f84-dd8b-42f3-8648-2469eb41e2b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22019", "type": "seen", "source": "https://t.me/ctinow/208639", "content": "https://ift.tt/eM9Q6Rf\nCVE-2024-22019 Node.js Vulnerability in NetApp Products", "creation_timestamp": "2024-03-15T11:26:47.000000Z"}, {"uuid": "524b3b2e-9b80-4a66-82be-d5df5eda2d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22016", "type": "seen", "source": "https://t.me/ctinow/177865", "content": "https://ift.tt/d4Txi0A\nCVE-2024-22016", "creation_timestamp": "2024-02-02T01:31:20.000000Z"}]}