{"vulnerability": "CVE-2024-3584", "sightings": [{"uuid": "fee11bbe-64a7-4dc3-9d8e-ecf475834be7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-35848", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "8928d10d-f2ef-4f2b-bc3f-abf4d3e5ca8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-35843", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "fd2dbb5b-b253-4c42-adfb-b5da3bd41d4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-35843", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "1c8e83aa-7676-4355-984f-34d155fecd94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35847", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14754", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-35847\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Prevent double free on error\n\nThe error handling path in its_vpe_irq_domain_alloc() causes a double free\nwhen its_vpe_init() fails after successfully allocating at least one\ninterrupt. This happens because its_vpe_irq_domain_free() frees the\ninterrupts along with the area bitmap and the vprop_page and\nits_vpe_irq_domain_alloc() subsequently frees the area bitmap and the\nvprop_page again.\n\nFix this by unconditionally invoking its_vpe_irq_domain_free() which\nhandles all cases correctly and by removing the bitmap/vprop_page freeing\nfrom its_vpe_irq_domain_alloc().\n\n[ tglx: Massaged change log ]\n\ud83d\udccf Published: 2024-05-17T14:47:26.175Z\n\ud83d\udccf Modified: 2025-05-04T09:06:44.998Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae\n2. https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662\n3. https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52\n4. https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438\n5. https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9\n6. https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792\n7. https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137\n8. https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91", "creation_timestamp": "2025-05-04T09:18:08.000000Z"}, {"uuid": "3a55b7f2-f5cb-46ca-8d3d-9b0c2a21d3cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35849", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14753", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-35849\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()\n\nSyzbot reported the following information leak for in\nbtrfs_ioctl_logical_to_ino():\n\n  BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n  BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n   instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n   _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n   copy_to_user include/linux/uaccess.h:191 [inline]\n   btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499\n   btrfs_ioctl+0x714/0x1260\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:904 [inline]\n   __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n   __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n   x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n   do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n   do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n  Uninit was created at:\n   __kmalloc_large_node+0x231/0x370 mm/slub.c:3921\n   __do_kmalloc_node mm/slub.c:3954 [inline]\n   __kmalloc_node+0xb07/0x1060 mm/slub.c:3973\n   kmalloc_node include/linux/slab.h:648 [inline]\n   kvmalloc_node+0xc0/0x2d0 mm/util.c:634\n   kvmalloc include/linux/slab.h:766 [inline]\n   init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779\n   btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480\n   btrfs_ioctl+0x714/0x1260\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:904 [inline]\n   __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n   __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n   x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n   do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n   do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n  Bytes 40-65535 of 65536 are uninitialized\n  Memory access of size 65536 starts at ffff888045a40000\n\nThis happens, because we're copying a 'struct btrfs_data_container' back\nto user-space. This btrfs_data_container is allocated in\n'init_data_container()' via kvmalloc(), which does not zero-fill the\nmemory.\n\nFix this by using kvzalloc() which zeroes out the memory on allocation.\n\ud83d\udccf Published: 2024-05-17T14:47:27.486Z\n\ud83d\udccf Modified: 2025-05-04T09:06:47.671Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772\n2. https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86\n3. https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6\n4. https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d\n5. https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6\n6. https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc\n7. https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54\n8. https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf", "creation_timestamp": "2025-05-04T09:18:07.000000Z"}, {"uuid": "3ddb2c15-d222-4e31-8dce-44a8f34b49b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35844", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14756", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-35844\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix reserve_cblocks counting error when out of space\n\nWhen a file only needs one direct_node, performing the following\noperations will cause the file to be unrepairable:\n\nunisoc # ./f2fs_io compress test.apk\nunisoc #df -h | grep dm-48\n/dev/block/dm-48 112G 112G 1.2M 100% /data\n\nunisoc # ./f2fs_io release_cblocks test.apk\n924\nunisoc # df -h | grep dm-48\n/dev/block/dm-48 112G 112G 4.8M 100% /data\n\nunisoc # dd if=/dev/random of=file4 bs=1M count=3\n3145728 bytes (3.0 M) copied, 0.025 s, 120 M/s\nunisoc # df -h | grep dm-48\n/dev/block/dm-48 112G 112G 1.8M 100% /data\n\nunisoc # ./f2fs_io reserve_cblocks test.apk\nF2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on device\n\nadb reboot\nunisoc # df -h  | grep dm-48\n/dev/block/dm-48             112G 112G   11M 100% /data\nunisoc # ./f2fs_io reserve_cblocks test.apk\n0\n\nThis is because the file has only one direct_node. After returning\nto -ENOSPC, reserved_blocks += ret will not be executed. As a result,\nthe reserved_blocks at this time is still 0, which is not the real\nnumber of reserved blocks. Therefore, fsck cannot be set to repair\nthe file.\n\nAfter this patch, the fsck flag will be set to fix this problem.\n\nunisoc # df -h | grep dm-48\n/dev/block/dm-48             112G 112G  1.8M 100% /data\nunisoc # ./f2fs_io reserve_cblocks test.apk\nF2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on device\n\nadb reboot then fsck will be executed\nunisoc # df -h  | grep dm-48\n/dev/block/dm-48             112G 112G   11M 100% /data\nunisoc # ./f2fs_io reserve_cblocks test.apk\n924\n\ud83d\udccf Published: 2024-05-17T14:40:11.419Z\n\ud83d\udccf Modified: 2025-05-04T09:06:41.254Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/fa3ac8b1a227d9b470b87972494293348b5839ee\n2. https://git.kernel.org/stable/c/889846dfc8ee2cf31148a44bfd2faeb2faadc685\n3. https://git.kernel.org/stable/c/f0bf89e84c3afb79d7a3a9e4bc853ad6a3245c0a\n4. https://git.kernel.org/stable/c/569c198c9e2093fd29cc071856a4e548fda506bc\n5. https://git.kernel.org/stable/c/fc0aed88afbf6f606205129a7466eebdf528e3f3\n6. https://git.kernel.org/stable/c/2f6d721e14b69d6e1251f69fa238b48e8374e25f", "creation_timestamp": "2025-05-04T09:18:10.000000Z"}, {"uuid": "a1893ba1-5fd1-43c1-a6a2-6ddaf1d0ce8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35846", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14755", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-35846\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix shrinker NULL crash with cgroup_disable=memory\n\nChristian reports a NULL deref in zswap that he bisected down to the zswap\nshrinker.  The issue also cropped up in the bug trackers of libguestfs [1]\nand the Red Hat bugzilla [2].\n\nThe problem is that when memcg is disabled with the boot time flag, the\nzswap shrinker might get called with sc->memcg == NULL.  This is okay in\nmany places, like the lruvec operations.  But it crashes in\nmemcg_page_state() - which is only used due to the non-node accounting of\ncgroup's the zswap memory to begin with.\n\nNhat spotted that the memcg can be NULL in the memcg-disabled case, and I\nwas then able to reproduce the crash locally as well.\n\n[1] https://github.com/libguestfs/libguestfs/issues/139\n[2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252\n\ud83d\udccf Published: 2024-05-17T14:47:25.503Z\n\ud83d\udccf Modified: 2025-05-04T09:06:43.875Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/b0fdabc908a7f81d12382c87ca9e46a9c2e14042\n2. https://git.kernel.org/stable/c/682886ec69d22363819a83ddddd5d66cb5c791e1", "creation_timestamp": "2025-05-04T09:18:09.000000Z"}, {"uuid": "ae67be52-d111-4988-b29d-8c0573dfb64d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3584", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/1526", "content": "\u200aCVE-2024-3584: Critical Path Traversal Flaw Exposes Qdrant Vector Database to Remote Takeover\n\nhttps://securityonline.info/cve-2024-3584-critical-path-traversal-flaw-exposes-qdrant-vector-database-to-remote-takeover/", "creation_timestamp": "2024-06-04T15:42:49.000000Z"}]}