{"vulnerability": "CVE-2024-50195", "sightings": [{"uuid": "9f36ee91-cf6f-4dbc-9736-9d7af1f9e9ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50195", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "d8036981-e8f2-4046-8376-71006025edb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50195", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3me6zzvrufd2z", "content": "", "creation_timestamp": "2026-02-06T13:45:16.252407Z"}, {"uuid": "c68fdaff-daac-4966-8883-2137c48b69a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50195", "type": "seen", "source": "https://t.me/cvedetector/10173", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50195 - Linux Kernel posix-clock Tespasteime64 Validation RCE\", \n  \"Content\": \"CVE ID : CVE-2024-50195 \nPublished : Nov. 8, 2024, 6:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nposix-clock: Fix missing timespec64 check in pc_clock_settime()  \n  \nAs Andrew pointed out, it will make sense that the PTP core  \nchecked timespec64 struct's tv_sec and tv_nsec range before calling  \nptp->info->settime64().  \n  \nAs the man manual of clock_settime() said, if tp.tv_sec is negative or  \ntp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL,  \nwhich include dynamic clocks which handles PTP clock, and the condition is  \nconsistent with timespec64_valid(). As Thomas suggested, timespec64_valid()  \nonly check the timespec is valid, but not ensure that the time is  \nin a valid range, so check it ahead using timespec64_valid_strict()  \nin pc_clock_settime() and return -EINVAL if not valid.  \n  \nThere are some drivers that use tp->tv_sec and tp->tv_nsec directly to  \nwrite registers without validity checks and assume that the higher layer  \nhas checked it, which is dangerous and will benefit from this, such as  \nhclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),  \nand some drivers can remove the checks of itself. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T07:59:48.000000Z"}]}