{"vulnerability": "CVE-2024-5008", "sightings": [{"uuid": "3080a7e4-6723-40e6-9ac8-54c9b351f672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113431437021923419", "content": "", "creation_timestamp": "2024-11-05T17:06:11.034127Z"}, {"uuid": "ac35f149-7a41-491c-9003-0261e95d99fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/grapheneos.org/post/3lqbjkjf56s2y", "content": "", "creation_timestamp": "2025-05-29T01:04:26.245956Z"}, {"uuid": "e5947c56-1988-4fe6-bb60-24c5c7c80d7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lqgojs324f2w", "content": "", "creation_timestamp": "2025-05-31T02:16:49.418551Z"}, {"uuid": "b5ee001d-5092-4a31-b70f-600511381c37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lqoa53q2yt2a", "content": "", "creation_timestamp": "2025-06-03T02:20:28.890708Z"}, {"uuid": "ca6d107c-534e-4743-96bc-1b53db4c1f71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/grapheneos.org/post/3lqd7w6q3gs2y", "content": "", "creation_timestamp": "2025-05-29T17:17:19.981839Z"}, {"uuid": "2eb697af-70ec-460f-b7ce-55096b5a52c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/grapheneos.org/post/3lqd7z2oau22y", "content": "", "creation_timestamp": "2025-05-29T17:18:56.150017Z"}, {"uuid": "c693e298-5b9f-48fc-b38a-29f819fea66b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lqdagybd7n2a", "content": "", "creation_timestamp": "2025-05-29T17:26:43.659280Z"}, {"uuid": "8faf06a8-87cb-4a66-baa4-40ed62da9447", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lqdak6inwt2n", "content": "", "creation_timestamp": "2025-05-29T17:28:30.684866Z"}, {"uuid": "f0e42948-4a16-4691-8b09-39b88b8b2710", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lqj7m3wi7j2s", "content": "", "creation_timestamp": "2025-06-01T02:27:39.866014Z"}, {"uuid": "78f46741-bd34-43f1-b442-4a04f7181b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lqe64gjdrg2z", "content": "", "creation_timestamp": "2025-05-30T02:17:41.915461Z"}, {"uuid": "71aa1c53-90d4-4664-a4f3-e207079fff04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lqtazbx3dj2r", "content": "", "creation_timestamp": "2025-06-05T02:19:33.669263Z"}, {"uuid": "a84dd1e3-b01c-4d87-97de-2cb181fe4783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lqlpry5frg2u", "content": "", "creation_timestamp": "2025-06-02T02:22:36.448035Z"}, {"uuid": "4c0c414f-4ba2-478d-a55c-0a8d64666bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50082", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "6f3c98e1-0a19-4e56-806a-70912ca28609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50083", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "db47524e-32bf-45a6-b008-dd8f33fdb990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "071b232b-6083-4c0a-9429-467f82a2bdb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50085", "type": "seen", "source": "https://t.me/cvedetector/9227", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50085 - Cisco MPTCP Subflow Use-After-Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50085 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow \n \nSyzkaller reported this splat: \n \n ================================================================== \n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881 \n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662 \n \n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 \n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 \n Call Trace: \n \n __dump_stack lib/dump_stack.c:94 [inline] \n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 \n print_address_description mm/kasan/report.c:377 [inline] \n print_report+0xc3/0x620 mm/kasan/report.c:488 \n kasan_report+0xd9/0x110 mm/kasan/report.c:601 \n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881 \n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline] \n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572 \n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603 \n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115 \n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] \n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210 \n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551 \n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 \n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline] \n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357 \n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901 \n sock_sendmsg_nosec net/socket.c:729 [inline] \n __sock_sendmsg net/socket.c:744 [inline] \n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607 \n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661 \n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690 \n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] \n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386 \n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411 \n entry_SYSENTER_compat_after_hwframe+0x84/0x8e \n RIP: 0023:0xf7fe4579 \n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 \n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 \n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140 \n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 \n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 \n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 \n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 \n \n \n Allocated by task 5387: \n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 \n kasan_save_track+0x14/0x30 mm/kasan/common.c:68 \n poison_kmalloc_redzone mm/kasan/common.c:377 [inline] \n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394 \n kmalloc_noprof include/linux/slab.h:878 [inline] \n kzalloc_noprof include/linux/slab.h:1014 [inline] \n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803 \n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956 \n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline] \n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167 \n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764 \n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592 \n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642 \n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline] \n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943 \n mptcp_worker+0x15a/0x1240 net/mptcp[...]", "creation_timestamp": "2024-10-29T03:03:03.000000Z"}, {"uuid": "ecc1d480-085b-4cae-aae2-f3120ca0e7b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50083", "type": "seen", "source": "https://t.me/cvedetector/9221", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50083 - VMware ESXi MTCP Edge Subflow Option Handling Buffer Overflow\", \n \"Content\": \"CVE ID : CVE-2024-50083 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ntcp: fix mptcp DSS corruption due to large pmtu xmit \n \nSyzkaller was able to trigger a DSS corruption: \n \n TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. \n ------------[ cut here ]------------ \n WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 \n Modules linked in: \n CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0 \n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 \n RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 \n Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 <0f0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff \n RSP: 0018:ffffc90000006db8 EFLAGS: 00010246 \n RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00 \n RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0 \n RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8 \n R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000 \n R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5 \n FS: 000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 \n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \n CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0 \n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 \n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 \n Call Trace: \n \n move_skbs_to_msk net/mptcp/protocol.c:811 [inline] \n mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854 \n subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490 \n tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283 \n tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237 \n tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 \n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350 \n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205 \n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233 \n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 \n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 \n __netif_receive_skb_one_core net/core/dev.c:5662 [inline] \n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775 \n process_backlog+0x662/0x15b0 net/core/dev.c:6107 \n __napi_poll+0xcb/0x490 net/core/dev.c:6771 \n napi_poll net/core/dev.c:6840 [inline] \n net_rx_action+0x89b/0x1240 net/core/dev.c:6962 \n handle_softirqs+0x2c5/0x980 kernel/softirq.c:554 \n do_softirq+0x11b/0x1e0 kernel/softirq.c:455 \n \n \n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 \n local_bh_enable include/linux/bottom_half.h:33 [inline] \n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] \n __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451 \n dev_queue_xmit include/linux/netdevice.h:3094 [inline] \n neigh_hh_output include/net/neighbour.h:526 [inline] \n neigh_output include/net/neighbour.h:540 [inline] \n ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 \n ip_local_out net/ipv4/ip_output.c:130 [inline] \n __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536 \n __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466 \n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] \n tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline] \n tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752 \n __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015 \n tcp_push_pending_frames include/net/tcp.h:2107 [inline] \n tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline] \n tc[...]", "creation_timestamp": "2024-10-29T03:02:54.000000Z"}, {"uuid": "cbebd6bc-8bf2-4844-a99a-739b97ed1cf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50089", "type": "seen", "source": "https://t.me/cvedetector/9901", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50089 - Apache Unicode Decomposition Case Folding Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50089 \nPublished : Nov. 5, 2024, 5:15 p.m. | 32\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nunicode: Don't special case ignorable code points \n \nWe don't need to handle them separately. Instead, just let them \ndecompose/casefold to themselves. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T18:53:48.000000Z"}, {"uuid": "5829fb50-c9fd-40fc-aaf0-51839570d8ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50084", "type": "seen", "source": "https://t.me/cvedetector/9225", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50084 - Microchip Linux Kernel VCAP API Use-After-Free and Memory Leak Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50084 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() \n \nCommit a3c1e45156ad (\"net: microchip: vcap: Fix use-after-free error in \nkunit test\") fixed the use-after-free error, but introduced below \nmemory leaks by removing necessary vcap_free_rule(), add it to fix it. \n \n unreferenced object 0xffffff80ca58b700 (size 192): \n comm \"kunit_try_catch\", pid 1215, jiffies 4294898264 \n hex dump (first 32 bytes): \n 00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z.........d... \n 00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ................ \n backtrace (crc 9c09c3fe): \n [<0000000052a0be73] kmemleak_alloc+0x34/0x40 \n [<0000000043605459] __kmalloc_cache_noprof+0x26c/0x2f4 \n [<0000000040a01b8d] vcap_alloc_rule+0x3cc/0x9c4 \n [<000000003fe86110] vcap_api_encode_rule_test+0x1ac/0x16b0 \n [<00000000b3595fc4] kunit_try_run_case+0x13c/0x3ac \n [<0000000010f5d2bf] kunit_generic_run_threadfn_adapter+0x80/0xec \n [<00000000c5d82c9a] kthread+0x2e8/0x374 \n [<00000000f4287308] ret_from_fork+0x10/0x20 \n unreferenced object 0xffffff80cc0b0400 (size 64): \n comm \"kunit_try_catch\", pid 1215, jiffies 4294898265 \n hex dump (first 32 bytes): \n 80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff ..........X..... \n 39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff 9............... \n backtrace (crc daf014e9): \n [<0000000052a0be73] kmemleak_alloc+0x34/0x40 \n [<0000000043605459] __kmalloc_cache_noprof+0x26c/0x2f4 \n [<000000000ff63fd4] vcap_rule_add_key+0x2cc/0x528 \n [<00000000dfdb1e81] vcap_api_encode_rule_test+0x224/0x16b0 \n [<00000000b3595fc4] kunit_try_run_case+0x13c/0x3ac \n [<0000000010f5d2bf] kunit_generic_run_threadfn_adapter+0x80/0xec \n [<00000000c5d82c9a] kthread+0x2e8/0x374 \n [<00000000f4287308] ret_from_fork+0x10/0x20 \n unreferenced object 0xffffff80cc0b0700 (size 64): \n comm \"kunit_try_catch\", pid 1215, jiffies 4294898265 \n hex dump (first 32 bytes): \n 80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff ........(.X..... \n 3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff <........<0000000052a0be73] kmemleak_alloc+0x34/0x40 \n [<0000000043605459] __kmalloc_cache_noprof+0x26c/0x2f4 \n [<000000006eadfab7] vcap_rule_add_action+0x2d0/0x52c \n [<00000000323475d1] vcap_api_encode_rule_test+0x4d4/0x16b0 \n [<00000000b3595fc4] kunit_try_run_case+0x13c/0x3ac \n [<0000000010f5d2bf] kunit_generic_run_threadfn_adapter+0x80/0xec \n [<00000000c5d82c9a] kthread+0x2e8/0x374 \n [<00000000f4287308] ret_from_fork+0x10/0x20 \n unreferenced object 0xffffff80cc0b0900 (size 64): \n comm \"kunit_try_catch\", pid 1215, jiffies 4294898266 \n hex dump (first 32 bytes): \n 80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff ................ \n 7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00 }............... \n backtrace (crc 34181e56): \n [<0000000052a0be73] kmemleak_alloc+0x34/0x40 \n [<0000000043605459] __kmalloc_cache_noprof+0x26c/0x2f4 \n [<000000000ff63fd4] vcap_rule_add_key+0x2cc/0x528 \n [<00000000991e3564] vcap_val_rule+0xcf0/0x13e8 \n [<00000000fc9868e5] vcap_api_encode_rule_test+0x678/0x16b0 \n [<00000000b3595fc4] kunit_try_run_case+0x13c/0x3ac \n [<0000000010f5d2bf] kunit_generic_run_threadfn_adapter+0x80/0xec \n [<00000000c5d82c9a] kthread+0x2e8/0x374 \n [<00000000f4287308] ret_from_fork+0x10/0x20 \n unreferenced object 0xffffff80cc0b0980 (size 64): \n comm \"kunit_try_catch\", pid 1215, jiffies 4294898266 \n hex dump (first 32 bytes): \n 18 b7 58 ca 80 ff ff ff 00 09 0b cc 8[...]", "creation_timestamp": "2024-10-29T03:03:01.000000Z"}, {"uuid": "78cec907-5309-489a-98ca-3af7376a8f3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50082", "type": "seen", "source": "https://t.me/cvedetector/9223", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50082 - Linux Kernel Blk-RQ-QOS Crash Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50082 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nblk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race \n \nWe're seeing crashes from rq_qos_wake_function that look like this: \n \n BUG: unable to handle page fault for address: ffffafe180a40084 \n #PF: supervisor write access in kernel mode \n #PF: error_code(0x0002) - not-present page \n PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0 \n Oops: Oops: 0002 [#1] PREEMPT SMP PTI \n CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11 \n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 \n RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40 \n Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 62 97 30 4c 31 c0 ba 01 00 00 00 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 2c 0b 00 \n RSP: 0018:ffffafe180580ca0 EFLAGS: 00010046 \n RAX: 0000000000000000 RBX: ffffafe180a3f7a8 RCX: 0000000000000011 \n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffafe180a40084 \n RBP: 0000000000000000 R08: 00000000001e7240 R09: 0000000000000011 \n R10: 0000000000000028 R11: 0000000000000888 R12: 0000000000000002 \n R13: ffffafe180a40084 R14: 0000000000000000 R15: 0000000000000003 \n FS: 0000000000000000(0000) GS:ffff9aaf1f280000(0000) knlGS:0000000000000000 \n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \n CR2: ffffafe180a40084 CR3: 000000010e428002 CR4: 0000000000770ef0 \n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 \n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 \n PKRU: 55555554 \n Call Trace: \n \n try_to_wake_up+0x5a/0x6a0 \n rq_qos_wake_function+0x71/0x80 \n __wake_up_common+0x75/0xa0 \n __wake_up+0x36/0x60 \n scale_up.part.0+0x50/0x110 \n wb_timer_fn+0x227/0x450 \n ... \n \nSo rq_qos_wake_function() calls wake_up_process(data->task), which calls \ntry_to_wake_up(), which faults in raw_spin_lock_irqsave(&p->pi_lock). \n \np comes from data->task, and data comes from the waitqueue entry, which \nis stored on the waiter's stack in rq_qos_wait(). Analyzing the core \ndump with drgn, I found that the waiter had already woken up and moved \non to a completely unrelated code path, clobbering what was previously \ndata->task. Meanwhile, the waker was passing the clobbered garbage in \ndata->task to wake_up_process(), leading to the crash. \n \nWhat's happening is that in between rq_qos_wake_function() deleting the \nwaitqueue entry and calling wake_up_process(), rq_qos_wait() is finding \nthat it already got a token and returning. The race looks like this: \n \nrq_qos_wait() rq_qos_wake_function() \n============================================================== \nprepare_to_wait_exclusive() \n data->got_token = true; \n list_del_init(&curr->entry); \nif (data.got_token) \n break; \nfinish_wait(&rqw->wait, &data.wq); \n ^- returns immediately because \n list_empty_careful(&wq_entry->entry) \n is true \n... return, go do something else ... \n wake_up_process(data->task) \n (NO LONGER VALID!)-^ \n \nNormally, finish_wait() is supposed to synchronize against the waker. \nBut, as noted above, it is returning immediately because the waitqueue \nentry has already been removed from the waitqueue. \n \nThe bug is that rq_qos_wake_function() is accessing the waitqueue entry \nAFTER deleting it. Note that autoremove_wake_function() wakes the waiter \nand THEN deletes the waitqueue entry, which is the proper order. \n \nFix it by swapping the order. We also need to use \nl[...]", "creation_timestamp": "2024-10-29T03:02:59.000000Z"}, {"uuid": "50d63d9b-1330-4edc-a76d-48cfeeea79ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50088", "type": "seen", "source": "https://t.me/cvedetector/9230", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50088 - \"btrfs Uninitialized Pointer Free\"\", \n \"Content\": \"CVE ID : CVE-2024-50088 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbtrfs: fix uninitialized pointer free in add_inode_ref() \n \nThe add_inode_ref() function does not initialize the \"name\" struct when \nit is declared. If any of the following calls to \"read_one_inode() \nreturns NULL, \n \n dir = read_one_inode(root, parent_objectid); \n if (!dir) { \n ret = -ENOENT; \n goto out; \n } \n \n inode = read_one_inode(root, inode_objectid); \n if (!inode) { \n ret = -EIO; \n goto out; \n } \n \nthen \"name.name\" would be freed on \"out\" before being initialized. \n \nout: \n ... \n kfree(name.name); \n \nThis issue was reported by Coverity with CID 1526744. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"29 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T03:03:06.000000Z"}, {"uuid": "cb04bd61-abdb-4a42-a273-e4585ece1857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50086", "type": "seen", "source": "https://t.me/cvedetector/9229", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50086 - \"InfiniBand Open-Ethercat-Device ( ksmbd ) - Improper Free Reference\"\", \n \"Content\": \"CVE ID : CVE-2024-50086 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nksmbd: fix user-after-free from session log off \n \nThere is racy issue between smb2 session log off and smb2 session setup. \nIt will cause user-after-free from session log off. \nThis add session_lock when setting SMB2_SESSION_EXPIRED and referece \ncount to session struct not to free session while it is being used. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"29 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T03:03:05.000000Z"}, {"uuid": "8242ce49-ce47-4f28-8937-c25d6b717310", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50087", "type": "seen", "source": "https://t.me/cvedetector/9219", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50087 - Btrfs Uninitialized Pointer Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50087 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbtrfs: fix uninitialized pointer free on read_alloc_one_name() error \n \nThe function read_alloc_one_name() does not initialize the name field of \nthe passed fscrypt_str struct if kmalloc fails to allocate the \ncorresponding buffer. Thus, it is not guaranteed that \nfscrypt_str.name is initialized when freeing it. \n \nThis is a follow-up to the linked patch that fixes the remaining \ninstances of the bug introduced by commit e43eec81c516 (\"btrfs: use \nstruct qstr instead of name and namelen pairs\"). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"29 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T03:02:53.000000Z"}, {"uuid": "78c9df3e-8137-4881-ab03-dac9becc38e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50081", "type": "seen", "source": "https://t.me/cvedetector/9218", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50081 - Linux Kernel blk-mq Tag Set Setup Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50081 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nblk-mq: setup queue ->tag_set before initializing hctx \n \nCommit 7b815817aa58 (\"blk-mq: add helper for checking if one CPU is mapped to specified hctx\") \nneeds to check queue mapping via tag set in hctx's cpuhp handler. \n \nHowever, q->tag_set may not be setup yet when the cpuhp handler is \nenabled, then kernel oops is triggered. \n \nFix the issue by setup queue tag_set before initializing hctx. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"29 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T03:02:52.000000Z"}]}