{"vulnerability": "cve-2024-5307", "sightings": [{"uuid": "64a27fa5-ebb3-4d71-a6f6-fed00d9c4b7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-53079", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "b4c7726a-915e-431e-aaf9-4b7d9bf09fbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53074", "type": "seen", "source": "https://t.me/cvedetector/11489", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53074 - \"WiFi iwlwifi Link Mapping Resource Leak Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-53074 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nwifi: iwlwifi: mvm: don't leak a link on AP removal  \n  \nRelease the link mapping resource in AP removal. This impacted devices  \nthat do not support the MLD API (9260 and down).  \nOn those devices, we couldn't start the AP again after the AP has been  \nalready started and stopped. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T20:09:50.000000Z"}, {"uuid": "93ed8773-9e92-452f-af06-d5e9cd070534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53076", "type": "seen", "source": "https://t.me/cvedetector/11490", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53076 - Linux iio: Memory Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53076 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \niio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table()  \n  \nIf per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop  \nof iio_gts_build_avail_scale_table(), the err_free_out will fail to call  \nkfree() each time when i is reduced to 0, so all the per_time_scales[0]  \nand per_time_gains[0] will not be freed, which will cause memory leaks.  \n  \nFix it by checking if i >= 0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T20:09:51.000000Z"}, {"uuid": "24750e7b-a8d6-4774-acb3-d72c8743962b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53078", "type": "seen", "source": "https://t.me/cvedetector/11481", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53078 - NVIDIA Linux Kernel NULL Pointer Dereferencing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53078 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/tegra: Fix NULL vs IS_ERR() check in probe()  \n  \nThe iommu_paging_domain_alloc() function doesn't  return NULL pointers,  \nit returns error pointers.  Update the check to match. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T20:09:40.000000Z"}, {"uuid": "9f1b701a-8e45-42ed-b414-3df2510918bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53079", "type": "seen", "source": "https://t.me/cvedetector/11479", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53079 - Linux Kernel THP Deferred Split Queue Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53079 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nmm/thp: fix deferred split unqueue naming and locking  \n  \nRecent changes are putting more pressure on THP deferred split queues:  \nunder load revealing long-standing races, causing list_del corruptions,  \n\"Bad page state\"s and worse (I keep BUGs in both of those, so usually  \ndon't get to see how badly they end up without).  The relevant recent  \nchanges being 6.8's mTHP, 6.10's mTHP swapout, and 6.12's mTHP swapin,  \nimproved swap allocation, and underused THP splitting.  \n  \nBefore fixing locking: rename misleading folio_undo_large_rmappable(),  \nwhich does not undo large_rmappable, to folio_unqueue_deferred_split(),  \nwhich is what it does.  But that and its out-of-line __callee are mm  \ninternals of very limited usability: add comment and WARN_ON_ONCEs to  \ncheck usage; and return a bool to say if a deferred split was unqueued,  \nwhich can then be used in WARN_ON_ONCEs around safety checks (sparing  \ncallers the arcane conditionals in __folio_unqueue_deferred_split()).  \n  \nJust omit the folio_unqueue_deferred_split() from free_unref_folios(), all  \nof whose callers now call it beforehand (and if any forget then bad_page()  \nwill tell) - except for its caller put_pages_list(), which itself no  \nlonger has any callers (and will be deleted separately).  \n  \nSwapout: mem_cgroup_swapout() has been resetting folio->memcg_data 0  \nwithout checking and unqueueing a THP folio from deferred split list;  \nwhich is unfortunate, since the split_queue_lock depends on the memcg  \n(when memcg is enabled); so swapout has been unqueueing such THPs later,  \nwhen freeing the folio, using the pgdat's lock instead: potentially  \ncorrupting the memcg's list.  __remove_mapping() has frozen refcount to 0  \nhere, so no problem with calling folio_unqueue_deferred_split() before  \nresetting memcg_data.  \n  \nThat goes back to 5.4 commit 87eaceb3faa5 (\"mm: thp: make deferred split  \nshrinker memcg aware\"): which included a check on swapcache before adding  \nto deferred queue, but no check on deferred queue before adding THP to  \nswapcache.  That worked fine with the usual sequence of events in reclaim  \n(though there were a couple of rare ways in which a THP on deferred queue  \ncould have been swapped out), but 6.12 commit dafff3f4c850 (\"mm: split  \nunderused THPs\") avoids splitting underused THPs in reclaim, which makes  \nswapcache THPs on deferred queue commonplace.  \n  \nKeep the check on swapcache before adding to deferred queue?  Yes: it is  \nno longer essential, but preserves the existing behaviour, and is likely  \nto be a worthwhile optimization (vmstat showed much more traffic on the  \nqueue under swapping load if the check was removed); update its comment.  \n  \nMemcg-v1 move (deprecated): mem_cgroup_move_account() has been changing  \nfolio->memcg_data without checking and unqueueing a THP folio from the  \ndeferred list, sometimes corrupting \"from\" memcg's list, like swapout.   \nRefcount is non-zero here, so folio_unqueue_deferred_split() can only be  \nused in a WARN_ON_ONCE to validate the fix, which must be done earlier:  \nmem_cgroup_move_charge_pte_range() first try to split the THP (splitting  \nof course unqueues), or skip it if that fails.  Not ideal, but moving  \ncharge has been requested, and khugepaged should repair the THP later:  \nnobody wants new custom unqueueing code just for this deprecated case.  \n  \nThe 87eaceb3faa5 commit did have the code to move from one deferred list  \nto another (but was not conscious of its unsafety while refcount non-0);  \nbut that was removed by 5.6 commit fac0516b5534 (\"mm: thp: don't need care  \ndeferred split queue in memcg charge move path\"), which argued that the  \nexistence of a PMD mapping guarantees that the THP cannot be on a deferred  \nlist.  As above, fa[...]", "creation_timestamp": "2024-11-19T20:09:37.000000Z"}, {"uuid": "2b962234-e674-46d1-89eb-8b8ce01bebee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53077", "type": "seen", "source": "https://t.me/cvedetector/11477", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53077 - NovelStaff RPCRDMA XArray Double-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53077 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nrpcrdma: Always release the rpcrdma_device's xa_array  \n  \nDai pointed out that the xa_init_flags() in rpcrdma_add_one() needs  \nto have a matching xa_destroy() in rpcrdma_remove_one() to release  \nunderlying memory that the xarray might have accrued during  \noperation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T20:09:34.000000Z"}, {"uuid": "bd926e06-3fb6-4d9e-85fb-55ede4862ce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53075", "type": "seen", "source": "https://t.me/cvedetector/11476", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53075 - \"RISC-V Linux Kernel CPU Node Reference Count Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-53075 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nriscv: Prevent a bad reference count on CPU nodes  \n  \nWhen populating cache leaves we previously fetched the CPU device node  \nat the very beginning. But when ACPI is enabled we go through a  \nspecific branch which returns early and does not call 'of_node_put' for  \nthe node that was acquired.  \n  \nSince we are not using a CPU device node for the ACPI code anyways, we  \ncan simply move the initialization of it just passed the ACPI block, and  \nwe are guaranteed to have an 'of_node_put' call for the acquired node.  \nThis prevents a bad reference count of the CPU device node.  \n  \nMoreover, the previous function did not check for errors when acquiring  \nthe device node, so a return -ENOENT has been added for that case. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T20:09:33.000000Z"}, {"uuid": "e734e859-d27a-4f0c-a39e-7e2b33b943ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-53079", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}]}