{"vulnerability": "CVE-2024-4208", "sightings": [{"uuid": "9ff74dd9-f17a-4a35-a323-26b799cd4797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42082", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "76e5db32-201b-4440-9455-c57929d9c3eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42084", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "e077306a-5290-4a8e-a469-049f54ad9dcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42086", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "8744bda5-ae39-4882-8f2d-c7298ae8c2b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42087", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "0da40bbf-8a67-4569-a729-b8015cac3085", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-42080", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "464fa997-f556-4135-abb0-664fb1024433", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42089", "type": "seen", "source": "https://t.me/cvedetector/1896", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42089 - Linux FSL ASOC Card Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42089 \nPublished : July 29, 2024, 5:15 p.m. | 17\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nASoC: fsl-asoc-card: set priv->pdev before using it  \n  \npriv->pdev pointer was set after being used in  \nfsl_asoc_card_audmux_init().  \nMove this assignment at the start of the probe function, so  \nsub-functions can correctly use pdev through priv.  \n  \nfsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the  \ndev struct, used with dev_err macros.  \nAs priv is zero-initialised, there would be a NULL pointer dereference.  \nNote that if priv->dev is dereferenced before assignment but never used,  \nfor example if there is no error to be printed, the driver won't crash  \nprobably due to compiler optimisations. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T19:38:58.000000Z"}, {"uuid": "7b3ae243-ca5a-4960-baae-3558eb201a3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42087", "type": "seen", "source": "https://t.me/cvedetector/1893", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42087 - Linux kernel DRM Ilitek I9881c GPIO Sleep Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42087 \nPublished : July 29, 2024, 5:15 p.m. | 17\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep  \n  \nThe ilitek-ili9881c controls the reset GPIO using the non-sleeping  \ngpiod_set_value() function. This complains loudly when the GPIO  \ncontroller needs to sleep. As the caller can sleep, use  \ngpiod_set_value_cansleep() to fix the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T19:38:55.000000Z"}, {"uuid": "7e6b3d55-bb12-4914-ba2f-a62ba9b1e130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-42082", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "d2d73b68-2ac7-4486-834d-5d9698619fbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42084", "type": "seen", "source": "https://t.me/cvedetector/1898", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42084 - Apache Linux Kernel Off-by-Sign-Truncate Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42084 \nPublished : July 29, 2024, 5:15 p.m. | 17\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nftruncate: pass a signed offset  \n  \nThe old ftruncate() syscall, using the 32-bit off_t misses a sign  \nextension when called in compat mode on 64-bit architectures.  As a  \nresult, passing a negative length accidentally succeeds in truncating  \nto file size between 2GiB and 4GiB.  \n  \nChanging the type of the compat syscall to the signed compat_off_t  \nchanges the behavior so it instead returns -EINVAL.  \n  \nThe native entry point, the truncate() syscall and the corresponding  \nloff_t based variants are all correct already and do not suffer  \nfrom this mistake. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T19:39:00.000000Z"}, {"uuid": "3062d946-b05a-4e3c-bc0b-a0285977f820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42086", "type": "seen", "source": "https://t.me/cvedetector/1897", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42086 - Linux Kernel BME680 IIO Chemical Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42086 \nPublished : July 29, 2024, 5:15 p.m. | 17\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \niio: chemical: bme680: Fix overflows in compensate() functions  \n  \nThere are cases in the compensate functions of the driver that  \nthere could be overflows of variables due to bit shifting ops.  \nThese implications were initially discussed here [1] and they  \nwere mentioned in log message of Commit 1b3bd8592780 (\"iio:  \nchemical: Add support for Bosch BME680 sensor\").  \n  \n[1]:  \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T19:38:59.000000Z"}, {"uuid": "3c31a823-2558-4baf-99de-60f7acce4f3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42088", "type": "seen", "source": "https://t.me/cvedetector/1895", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42088 - Mediatek Linux Kernel uninitialized data structure vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42088 \nPublished : July 29, 2024, 5:15 p.m. | 17\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link  \n  \nCommit e70b8dd26711 (\"ASoC: mediatek: mt8195: Remove afe-dai component  \nand rework codec link\") removed the codec entry for the ETDM1_OUT_BE  \ndai link entirely instead of replacing it with COMP_EMPTY(). This worked  \nby accident as the remaining COMP_EMPTY() platform entry became the codec  \nentry, and the platform entry became completely empty, effectively the  \nsame as COMP_DUMMY() since snd_soc_fill_dummy_dai() doesn't do anything  \nfor platform entries.  \n  \nThis causes a KASAN out-of-bounds warning in mtk_soundcard_common_probe()  \nin sound/soc/mediatek/common/mtk-soundcard-driver.c:  \n  \n for_each_card_prelinks(card, i, dai_link) {  \n  if (adsp_node && !strncmp(dai_link->name, \"AFE_SOF\", strlen(\"AFE_SOF\")))  \n   dai_link->platforms->of_node = adsp_node;  \n  else if (!dai_link->platforms->name && !dai_link->platforms->of_node)  \n   dai_link->platforms->of_node = platform_node;  \n }  \n  \nwhere the code expects the platforms array to have space for at least one entry.  \n  \nAdd an COMP_EMPTY() entry so that dai_link->platforms has space. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T19:38:57.000000Z"}, {"uuid": "791ed534-345a-4940-85d1-e92e78b70fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42085", "type": "seen", "source": "https://t.me/cvedetector/1892", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42085 - Linux Kernel USB DWC3 Lock Deadlock Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42085 \nPublished : July 29, 2024, 5:15 p.m. | 17\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nusb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock  \n  \nWhen config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system  \nto enter suspend status with below command:  \necho mem > /sys/power/state  \nThere will be a deadlock issue occurring. Detailed invoking path as  \nbelow:  \ndwc3_suspend_common()  \n    spin_lock_irqsave(&dwc->lock, flags);              lock, flags);      gadget_driver is NULL or not. It causes the  \nfollowing code is executed and deadlock occurs when trying to get the  \nspinlock. In fact, the root cause is the commit 5265397f9442(\"usb: dwc3:  \nRemove DWC3 locking during gadget suspend/resume\") that forgot to remove  \nthe lock of otg mode. So, remove the redundant lock of otg mode during  \ngadget suspend/resume. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T19:38:54.000000Z"}, {"uuid": "924748ae-b139-426d-907f-9ddb41e62bc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42083", "type": "seen", "source": "https://t.me/cvedetector/1878", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42083 - Intel ionic Kernel Panic Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42083 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nionic: fix kernel panic due to multi-buffer handling  \n  \nCurrently, the ionic_run_xdp() doesn't handle multi-buffer packets  \nproperly for XDP_TX and XDP_REDIRECT.  \nWhen a jumbo frame is received, the ionic_run_xdp() first makes xdp  \nframe with all necessary pages in the rx descriptor.  \nAnd if the action is either XDP_TX or XDP_REDIRECT, it should unmap  \ndma-mapping and reset page pointer to NULL for all pages, not only the  \nfirst page.  \nBut it doesn't for SG pages. So, SG pages unexpectedly will be reused.  \nIt eventually causes kernel panic.  \n  \nOops: general protection fault, probably for non-canonical address 0x504f4e4dbebc64ff: 0000 [#1] PREEMPT SMP NOPTI  \nCPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.10.0-rc3+ #25  \nRIP: 0010:xdp_return_frame+0x42/0x90  \nCode: 01 75 12 5b 4c 89 e6 5d 31 c9 41 5c 31 d2 41 5d e9 73 fd ff ff 44 8b 6b 20 0f b7 43 0a 49 81 ed 68 01 00 00 49 29 c5 49 01 fd  80 7d0  \nRSP: 0018:ffff99d00122ce08 EFLAGS: 00010202  \nRAX: 0000000000005453 RBX: ffff8d325f904000 RCX: 0000000000000001  \nRDX: 00000000670e1000 RSI: 000000011f90d000 RDI: 504f4e4d4c4b4a49  \nRBP: ffff99d003907740 R08: 0000000000000000 R09: 0000000000000000  \nR10: 000000011f90d000 R11: 0000000000000000 R12: ffff8d325f904010  \nR13: 504f4e4dbebc64fd R14: ffff8d3242b070c8 R15: ffff99d0039077c0  \nFS:  0000000000000000(0000) GS:ffff8d399f780000(0000) knlGS:0000000000000000  \nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \nCR2: 00007f41f6c85e38 CR3: 000000037ac30000 CR4: 00000000007506f0  \nPKRU: 55555554  \nCall Trace:  \n   \n ? die_addr+0x33/0x90  \n ? exc_general_protection+0x251/0x2f0  \n ? asm_exc_general_protection+0x22/0x30  \n ? xdp_return_frame+0x42/0x90  \n ionic_tx_clean+0x211/0x280 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]  \n ionic_tx_cq_service+0xd3/0x210 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]  \n ionic_txrx_napi+0x41/0x1b0 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]  \n __napi_poll.constprop.0+0x29/0x1b0  \n net_rx_action+0x2c4/0x350  \n handle_softirqs+0xf4/0x320  \n irq_exit_rcu+0x78/0xa0  \n common_interrupt+0x77/0x90 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:30.000000Z"}, {"uuid": "67aa25d1-e05a-4a05-9e4e-6a472da233f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42081", "type": "seen", "source": "https://t.me/cvedetector/1875", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42081 - \"Linux Kernel DMA-RCB NULL Pointer Dereference\"\", \n  \"Content\": \"CVE ID : CVE-2024-42081 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/xe/xe_devcoredump: Check NULL before assignments  \n  \nAssign 'xe_devcoredump_snapshot *' and 'xe_device *' only if  \n'coredump' is not NULL.  \n  \nv2  \n- Fix commit messages.  \n  \nv3  \n- Define variables before code.(Ashutosh/Jose)  \n  \nv4  \n- Drop return check for coredump_to_xe. (Jose/Rodrigo)  \n  \nv5  \n- Modify misleading commit message. (Matt) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:27.000000Z"}, {"uuid": "e42afac6-410a-4756-ace9-aa010a23f905", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42082", "type": "seen", "source": "https://t.me/cvedetector/1873", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42082 - Qualcomm Snapdragon Linux Kernel XDP Memory Allocation Vulnerability (Warning Misuse)\", \n  \"Content\": \"CVE ID : CVE-2024-42082 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nxdp: Remove WARN() from __xdp_reg_mem_model()  \n  \nsyzkaller reports a warning in __xdp_reg_mem_model().  \n  \nThe warning occurs only if __mem_id_init_hash_table() returns an error. It  \nreturns the error in two cases:  \n  \n  1. memory allocation fails;  \n  2. rhashtable_init() fails when some fields of rhashtable_params  \n     struct are not initialized properly.  \n  \nThe second case cannot happen since there is a static const rhashtable_params  \nstruct with valid fields. So, warning is only triggered when there is a  \nproblem with memory allocation.  \n  \nThus, there is no sense in using WARN() to handle this error and it can be  \nsafely removed.  \n  \nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299  \n  \nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024  \nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299  \n  \nCall Trace:  \n xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344  \n xdp_test_run_setup net/bpf/test_run.c:188 [inline]  \n bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377  \n bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267  \n bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240  \n __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649  \n __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]  \n __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]  \n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736  \n do_syscall_64+0xfb/0x240  \n entry_SYSCALL_64_after_hwframe+0x6d/0x75  \n  \nFound by Linux Verification Center (linuxtesting.org) with syzkaller. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:25.000000Z"}, {"uuid": "ba3619d3-1446-4dad-996d-218eefdba059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42080", "type": "seen", "source": "https://t.me/cvedetector/1872", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42080 - Linux Kernel RDMA Restracking Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2024-42080 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nRDMA/restrack: Fix potential invalid address access  \n  \nstruct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME  \nin ib_create_cq(), while if the module exited but forgot del this  \nrdma_restrack_entry, it would cause a invalid address access in  \nrdma_restrack_clean() when print the owner of this rdma_restrack_entry.  \n  \nThese code is used to help find one forgotten PD release in one of the  \nULPs. But it is not needed anymore, so delete them. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:24.000000Z"}]}