{"vulnerability": "cve-2024-5306", "sightings": [{"uuid": "28edd734-672f-4de6-be7c-a02a8c15ab3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53066", "type": "seen", "source": "https://t.me/cvedetector/11493", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53066 - Linux NFS decode_getfattr_attrs Uninitialized Memory Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-53066 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnfs: Fix KMSAN warning in decode_getfattr_attrs()  \n  \nFix the following KMSAN warning:  \n  \nCPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G    B  \nTainted: [B]=BAD_PAGE  \nHardware name: QEMU Standard PC (Q35 + ICH9, 2009)  \n=====================================================  \n=====================================================  \nBUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90  \n decode_getfattr_attrs+0x2d6d/0x2f90  \n decode_getfattr_generic+0x806/0xb00  \n nfs4_xdr_dec_getattr+0x1de/0x240  \n rpcauth_unwrap_resp_decode+0xab/0x100  \n rpcauth_unwrap_resp+0x95/0xc0  \n call_decode+0x4ff/0xb50  \n __rpc_execute+0x57b/0x19d0  \n rpc_execute+0x368/0x5e0  \n rpc_run_task+0xcfe/0xee0  \n nfs4_proc_getattr+0x5b5/0x990  \n __nfs_revalidate_inode+0x477/0xd00  \n nfs_access_get_cached+0x1021/0x1cc0  \n nfs_do_access+0x9f/0xae0  \n nfs_permission+0x1e4/0x8c0  \n inode_permission+0x356/0x6c0  \n link_path_walk+0x958/0x1330  \n path_lookupat+0xce/0x6b0  \n filename_lookup+0x23e/0x770  \n vfs_statx+0xe7/0x970  \n vfs_fstatat+0x1f2/0x2c0  \n __se_sys_newfstatat+0x67/0x880  \n __x64_sys_newfstatat+0xbd/0x120  \n x64_sys_call+0x1826/0x3cf0  \n do_syscall_64+0xd0/0x1b0  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nThe KMSAN warning is triggered in decode_getfattr_attrs(), when calling  
\ndecode_attr_mdsthreshold(). It appears that fattr->mdsthreshold is not  \ninitialized.  \n  \nFix the issue by initializing fattr->mdsthreshold to NULL in  \nnfs_fattr_init(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T20:09:55.000000Z"}, {"uuid": "21b0e869-23f0-4369-b60d-a33fc16ecbf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53063", "type": "seen", "source": "https://gist.github.com/webmutation/894dd1a9a17615b7469198bb18bc3a16", "content": "", "creation_timestamp": "2025-04-12T00:10:16.000000Z"}, {"uuid": "433e08f9-75d4-48dc-8cf1-4c8072691925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53066", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "1ee36a6a-a9c7-4907-862a-96ddb83ff295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53063", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "279bd8c8-0d20-458e-8fe9-66ce1118672b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53061", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "f2fc4121-5a6d-4498-970d-672ef4d00624", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53060", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "62503881-30fe-4c1e-8f49-ae885bb0b968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53064", "type": "seen", "source": "https://t.me/cvedetector/11492", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53064 - Linux idpf: Null Pointer Dereference Vulnerability in Device Control Plane\", \n  \"Content\": \"CVE ID : CVE-2024-53064 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nidpf: fix idpf_vc_core_init error path  \n  \nIn an event where the platform running the device control plane  \nis rebooted, reset is detected on the driver. It releases  \nall the resources and waits for the reset to complete. Once the  \nreset is done, it tries to build the resources back. At this  \ntime if the device control plane is not yet started, then  \nthe driver timeouts on the virtchnl message and retries to  \nestablish the mailbox again.  \n  \nIn the retry flow, mailbox is deinitialized but the mailbox  \nworkqueue is still alive and polling for the mailbox message.  \nThis results in accessing the released control queue leading to  \nnull-ptr-deref. Fix it by unrolling the work queue cancellation  \nand mailbox deinitialization in the reverse order which they got  \ninitialized. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T20:09:54.000000Z"}, {"uuid": "042b8337-6a4b-4659-9601-6e0565760035", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53067", "type": "seen", "source": "https://t.me/cvedetector/11498", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53067 - Linux Kernel SCSI UFS Runtime Power Management Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53067 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nscsi: ufs: core: Start the RTC update work later  \n  \nThe RTC update work involves runtime resuming the UFS controller. Hence,  \nonly start the RTC update work after runtime power management in the UFS  \ndriver has been fully initialized. 
This patch fixes the following kernel  \ncrash:  \n  \nInternal error: Oops: 0000000096000006 [#1] PREEMPT SMP  \nWorkqueue: events ufshcd_rtc_work  \nCall trace:  \n _raw_spin_lock_irqsave+0x34/0x8c (P)  \n pm_runtime_get_if_active+0x24/0x9c (L)  \n pm_runtime_get_if_active+0x24/0x9c  \n ufshcd_rtc_work+0x138/0x1b4  \n process_one_work+0x148/0x288  \n worker_thread+0x2cc/0x3d4  \n kthread+0x110/0x114  \n ret_from_fork+0x10/0x20 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T20:10:37.000000Z"}, {"uuid": "fb5f7bb7-c2cc-4a0c-a64a-19b361a3d8f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53068", "type": "seen", "source": "https://t.me/cvedetector/11496", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53068 - Qualcomm Arm SCMI Firmware Bugybility: Slab-Use-After-Free\", \n  \"Content\": \"CVE ID : CVE-2024-53068 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nfirmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()  \n  \nThe scmi_dev->name is released prematurely in __scmi_device_destroy(),  \nwhich causes slab-use-after-free when accessing scmi_dev->name in  \nscmi_bus_notifier(). So move the release of scmi_dev->name to  \nscmi_device_release() to avoid slab-use-after-free.  \n  \n  |  BUG: KASAN: slab-use-after-free in strncmp+0xe4/0xec  \n  |  Read of size 1 at addr ffffff80a482bcc0 by task swapper/0/1  \n  |  \n  |  CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.6.38-debug #1  \n  |  Hardware name: Qualcomm Technologies, Inc. 
SA8775P Ride (DT)  \n  |  Call trace:  \n  |   dump_backtrace+0x94/0x114  \n  |   show_stack+0x18/0x24  \n  |   dump_stack_lvl+0x48/0x60  \n  |   print_report+0xf4/0x5b0  \n  |   kasan_report+0xa4/0xec  \n  |   __asan_report_load1_noabort+0x20/0x2c  \n  |   strncmp+0xe4/0xec  \n  |   scmi_bus_notifier+0x5c/0x54c  \n  |   notifier_call_chain+0xb4/0x31c  \n  |   blocking_notifier_call_chain+0x68/0x9c  \n  |   bus_notify+0x54/0x78  \n  |   device_del+0x1bc/0x840  \n  |   device_unregister+0x20/0xb4  \n  |   __scmi_device_destroy+0xac/0x280  \n  |   scmi_device_destroy+0x94/0xd0  \n  |   scmi_chan_setup+0x524/0x750  \n  |   scmi_probe+0x7fc/0x1508  \n  |   platform_probe+0xc4/0x19c  \n  |   really_probe+0x32c/0x99c  \n  |   __driver_probe_device+0x15c/0x3c4  \n  |   driver_probe_device+0x5c/0x170  \n  |   __driver_attach+0x1c8/0x440  \n  |   bus_for_each_dev+0xf4/0x178  \n  |   driver_attach+0x3c/0x58  \n  |   bus_add_driver+0x234/0x4d4  \n  |   driver_register+0xf4/0x3c0  \n  |   __platform_driver_register+0x60/0x88  \n  |   scmi_driver_init+0xb0/0x104  \n  |   do_one_initcall+0xb4/0x664  \n  |   kernel_init_freeable+0x3c8/0x894  \n  |   kernel_init+0x24/0x1e8  \n  |   ret_from_fork+0x10/0x20  \n  |  \n  |  Allocated by task 1:  \n  |   kasan_save_stack+0x2c/0x54  \n  |   kasan_set_track+0x2c/0x40  \n  |   kasan_save_alloc_info+0x24/0x34  \n  |   __kasan_kmalloc+0xa0/0xb8  \n  |   __kmalloc_node_track_caller+0x6c/0x104  \n  |   kstrdup+0x48/0x84  \n  |   kstrdup_const+0x34/0x40  \n  |   __scmi_device_create.part.0+0x8c/0x408  \n  |   scmi_device_create+0x104/0x370  \n  |   scmi_chan_setup+0x2a0/0x750  \n  |   scmi_probe+0x7fc/0x1508  \n  |   platform_probe+0xc4/0x19c  \n  |   really_probe+0x32c/0x99c  \n  |   __driver_probe_device+0x15c/0x3c4  \n  |   driver_probe_device+0x5c/0x170  \n  |   __driver_attach+0x1c8/0x440  \n  |   bus_for_each_dev+0xf4/0x178  \n  |   driver_attach+0x3c/0x58  \n  |   bus_add_driver+0x234/0x4d4  \n  |   driver_register+0xf4/0x3c0  \n  |   
__platform_driver_register+0x60/0x88  \n  |   scmi_driver_init+0xb0/0x104  \n  |   do_one_initcall+0xb4/0x664  \n  |   kernel_init_freeable+0x3c8/0x894  \n  |   kernel_init+0x24/0x1e8  \n  |   ret_from_fork+0x10/0x20  \n  |  \n  |  Freed by task 1:  \n  |   kasan_save_stack+0x2c/0x54  \n  |   kasan_set_track+0x2c/0x40  \n  |   kasan_save_free_info+0x38/0x5c  \n  |   __kasan_slab_free+0xe8/0x164  \n  |   __kmem_cache_free+0x11c/0x230  \n  |   kfree+0x70/0x130  \n  |   kfree_const+0x20/0x40  \n  |   __scmi_device_destroy+0x70/0x280  \n  |   scmi_device_destroy+0x94/0xd0  \n  |   scmi_chan_setup+0x524/0x750  \n  |   scmi_probe+0x7fc/0x1508  \n  |   platform_probe+0xc4/0x19c  \n  |   really_probe+0x32c/0x99c  \n  |   __driver_probe_device+0x15c/0x3c4  \n  |   driver_probe_device+0x5c/0x170  \n  |   __driver_attach+0x1c8/0x440  \n  |   bus_for_each_dev+0xf4/0x178  \n  |   driver_attach+0x3c/0x58  \n  |   bus_add_driver+0x234/0x4d4  \n  |   driver_register+0xf4/0x3c0  \n  |   __platform_driver_register+0x60/0x88  \n  |   scmi_driver_init+0xb0/0x104  \n  |   do_one_initcall+0xb4/0x664  \n  |   kernel_init_freeable+0x3c8/0x894  \n  |   kernel_init+0x24/0x1e8  \n  |   ret_from_fork+0x10/0x20 \nSeverity: 0.0 | NA \nVisit the link for more details, suc[...]", "creation_timestamp": "2024-11-19T20:10:34.000000Z"}, {"uuid": "b40be908-ff7d-4e7a-8976-872bdb0297d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53065", "type": "seen", "source": "https://t.me/cvedetector/11494", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53065 - Linux Kernel Duplicate Kmem Cache Creation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53065 \nPublished : Nov. 19, 2024, 6:15 p.m. 
| 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nmm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create  \n  \nCommit b035f5a6d852 (\"mm: slab: reduce the kmalloc() minimum alignment  \nif DMA bouncing possible\") reduced ARCH_KMALLOC_MINALIGN to 8 on arm64.  \nHowever, with KASAN_HW_TAGS enabled, arch_slab_minalign() becomes 16.  \nThis causes kmalloc_caches[*][8] to be aliased to kmalloc_caches[*][16],  \nresulting in kmem_buckets_create() attempting to create a kmem_cache for  \nsize 16 twice. This duplication triggers warnings on boot:  \n  \n[    2.325108] ------------[ cut here ]------------  \n[    2.325135] kmem_cache of name 'memdup_user-16' already exists  \n[    2.325783] WARNING: CPU: 0 PID: 1 at mm/slab_common.c:107 __kmem_cache_create_args+0xb8/0x3b0  \n[    2.327957] Modules linked in:  \n[    2.328550] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5mm-unstable-arm64+ #12  \n[    2.328683] Hardware name: QEMU QEMU Virtual Machine, BIOS 2024.02-2 03/11/2024  \n[    2.328790] pstate: 61000009 (nZCv daif -PAN -UAO -TCO +DIT -SSBS BTYPE=--)  \n[    2.328911] pc : __kmem_cache_create_args+0xb8/0x3b0  \n[    2.328930] lr : __kmem_cache_create_args+0xb8/0x3b0  \n[    2.328942] sp : ffff800083d6fc50  \n[    2.328961] x29: ffff800083d6fc50 x28: f2ff0000c1674410 x27: ffff8000820b0598  \n[    2.329061] x26: 000000007fffffff x25: 0000000000000010 x24: 0000000000002000  \n[    2.329101] x23: ffff800083d6fce8 x22: ffff8000832222e8 x21: ffff800083222388  \n[    2.329118] x20: f2ff0000c1674410 x19: f5ff0000c16364c0 x18: ffff800083d80030  \n[    2.329135] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000  \n[    2.329152] x14: 0000000000000000 x13: 0a73747369786520 x12: 79646165726c6120  \n[    2.329169] x11: 656820747563205b x10: 2d2d2d2d2d2d2d2d x9 : 0000000000000000  \n[    2.329194] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 
0000000000000000  \n[    2.329210] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000  \n[    2.329226] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000  \n[    2.329291] Call trace:  \n[    2.329407]  __kmem_cache_create_args+0xb8/0x3b0  \n[    2.329499]  kmem_buckets_create+0xfc/0x320  \n[    2.329526]  init_user_buckets+0x34/0x78  \n[    2.329540]  do_one_initcall+0x64/0x3c8  \n[    2.329550]  kernel_init_freeable+0x26c/0x578  \n[    2.329562]  kernel_init+0x3c/0x258  \n[    2.329574]  ret_from_fork+0x10/0x20  \n[    2.329698] ---[ end trace 0000000000000000 ]---  \n  \n[    2.403704] ------------[ cut here ]------------  \n[    2.404716] kmem_cache of name 'msg_msg-16' already exists  \n[    2.404801] WARNING: CPU: 2 PID: 1 at mm/slab_common.c:107 __kmem_cache_create_args+0xb8/0x3b0  \n[    2.404842] Modules linked in:  \n[    2.404971] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 Tainted: G        W          6.12.0-rc5mm-unstable-arm64+ #12  \n[    2.405026] Tainted: [W]=WARN  \n[    2.405043] Hardware name: QEMU QEMU Virtual Machine, BIOS 2024.02-2 03/11/2024  \n[    2.405057] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)  \n[    2.405079] pc : __kmem_cache_create_args+0xb8/0x3b0  \n[    2.405100] lr : __kmem_cache_create_args+0xb8/0x3b0  \n[    2.405111] sp : ffff800083d6fc50  \n[    2.405115] x29: ffff800083d6fc50 x28: fbff0000c1674410 x27: ffff8000820b0598  \n[    2.405135] x26: 000000000000ffd0 x25: 0000000000000010 x24: 0000000000006000  \n[    2.405153] x23: ffff800083d6fce8 x22: ffff8000832222e8 x21: ffff800083222388  \n[    2.405169] x20: fbff0000c1674410 x19: fdff0000c163d6c0 x18: ffff800083d80030  \n[    2.405185] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000  \n[    2.405201] x14: 0000000000000000 x13: 0a73747369786520 x12: 79646165726c6120  \n[    2.405217] x11: 656820747563205b x10: 2d2d2d2d2d2d2d2d x9 : 0000000000000000  \n[[...]", "creation_timestamp": "2024-11-19T20:09:56.000000Z"}]}