{"vulnerability": "cve-2024-5669", "sightings": [{"uuid": "7c55611a-6abf-40c1-be62-4c256c599361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56690", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebitf7fi2e", "content": "", "creation_timestamp": "2024-12-28T10:15:59.183559Z"}, {"uuid": "67d9f770-f23f-4bc4-af04-77a7e0695c49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56691", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebivpf3422", "content": "", "creation_timestamp": "2024-12-28T10:16:01.638818Z"}, {"uuid": "3b2b59f5-038b-473f-9c33-8ad8d693541d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56692", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebixrxwm22", "content": "", "creation_timestamp": "2024-12-28T10:16:03.849179Z"}, {"uuid": "b6c35aef-66e2-4383-8c50-39382660cf50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56693", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebj2eaam25", "content": "", "creation_timestamp": "2024-12-28T10:16:06.655541Z"}, {"uuid": "8f5c42d1-641b-4e28-b9fa-58498c59b6ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56694", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebj4kuua2e", "content": "", "creation_timestamp": "2024-12-28T10:16:08.847287Z"}, {"uuid": "87f61b01-33dc-405f-8892-7e81a1165108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56695", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebj6nnkq2o", "content": "", "creation_timestamp": "2024-12-28T10:16:11.010072Z"}, {"uuid": "e3aa3c27-4702-4859-89fd-2d2c1ebe7629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56699", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebjhvg5y2i", "content": "", "creation_timestamp": "2024-12-28T10:16:21.630112Z"}, {"uuid": "214c5d3d-584b-49e6-9fbe-2d482174b719", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56696", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebjapazd2m", "content": "", "creation_timestamp": "2024-12-28T10:16:13.253677Z"}, {"uuid": "2da371b7-f122-4513-a0d0-06a99dfd79c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56697", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebjdfe2i2o", "content": "", "creation_timestamp": "2024-12-28T10:16:16.096526Z"}, {"uuid": "bd5a7e85-bf18-4729-b53d-45c1c6d2b0f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56698", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebjfqkzf22", "content": "", "creation_timestamp": "2024-12-28T10:16:18.487326Z"}, {"uuid": "93867973-6b47-401a-817f-6429732f8792", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56690", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113730014565364789", "content": "", "creation_timestamp": "2024-12-28T10:38:22.986154Z"}, {"uuid": "53b76e8a-b6da-442e-a80d-4f50dc51c557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56691", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113730014600069771", "content": "", "creation_timestamp": "2024-12-28T10:38:23.392153Z"}, {"uuid": "107b184e-62be-4530-9ae1-a07d6f8d6bcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56692", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113730073602107423", "content": "", "creation_timestamp": "2024-12-28T10:53:23.779418Z"}, {"uuid": "976f817b-3bc6-4166-9fd0-c463c1168e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56693", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113730073635305860", "content": "", "creation_timestamp": "2024-12-28T10:53:24.328401Z"}, {"uuid": "c09a6c06-3940-4b65-bd36-50e1869f41d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56694", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113730073650757314", "content": "", "creation_timestamp": "2024-12-28T10:53:24.560189Z"}, {"uuid": "5f926c5b-be6f-4a0e-9c7a-afa99e13879e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56695", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113730073666418771", "content": "", "creation_timestamp": "2024-12-28T10:53:24.797014Z"}, {"uuid": "84d7de14-16ea-4347-83db-cdc4d59062e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56696", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113730132669229045", "content": "", "creation_timestamp": "2024-12-28T11:08:25.048659Z"}, {"uuid": "567aa460-04d4-4f14-af11-5c47221ed8d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56697", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113730132690700908", "content": "", "creation_timestamp": "2024-12-28T11:08:25.496964Z"}, {"uuid": "053ae08c-5a50-4845-88d2-e3fb48d34f7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56698", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113730132704909198", "content": "", "creation_timestamp": "2024-12-28T11:08:25.688579Z"}, {"uuid": "31c36948-ed70-438e-a1ec-0bf8eedee3e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56699", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113730132719112817", "content": "", "creation_timestamp": "2024-12-28T11:08:26.139087Z"}, {"uuid": "989b66ce-53c1-411f-a5cf-233227b437b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56699", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113730296625481382", "content": "", "creation_timestamp": "2024-12-28T11:50:06.697037Z"}, {"uuid": "1e26ea71-bd74-44c6-90ac-c678d68e7897", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56695", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113730923594792294", "content": "", "creation_timestamp": "2024-12-28T14:29:33.379196Z"}, {"uuid": "c2efc7c8-09c0-4556-b245-327c83139772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-56692", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "5a5fb49b-927a-4bfb-949c-2b08d2374155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56698", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "c3869a6f-1d80-4779-84c3-329b348fb5c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-56698", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "4676f373-0bea-4f04-b758-7606d155a766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56691", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "1a7b0ab2-7ab0-41fd-9a40-9e3cffcf286f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56690", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "72e37c07-af15-491c-ba3d-a59dce3a69c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56696", "type": "seen", "source": "https://t.me/cvedetector/13839", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56696 - Linux Kernel ALSA Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56696 \nPublished : Dec. 28, 2024, 10:15 a.m. | 45\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() \n \nkunit_kzalloc() may return a NULL pointer, dereferencing it without \nNULL check may lead to NULL dereference. \nAdd NULL checks for all the kunit_kzalloc() in sound_kunit.c \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T12:06:08.000000Z"}, {"uuid": "be7ec565-45df-4ed0-ba4b-64bd61a0232c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-56692", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "c93371c2-e958-49a7-a67f-0bd9b7a7ca97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56694", "type": "seen", "source": "https://t.me/cvedetector/13838", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56694 - Linux Kernel BPF Recursive Lock Deadlock in Stream Verdict Program\", \n \"Content\": \"CVE ID : CVE-2024-56694 \nPublished : Dec. 28, 2024, 10:15 a.m. | 45\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbpf: fix recursive lock when verdict program return SK_PASS \n \nWhen the stream_verdict program returns SK_PASS, it places the received skb \ninto its own receive queue, but a recursive lock eventually occurs, leading \nto an operating system deadlock. This issue has been present since v6.9. \n \n''' \nsk_psock_strp_data_ready \n write_lock_bh(&sk->sk_callback_lock) \n strp_data_ready \n strp_read_sock \n read_sock -> tcp_read_sock \n strp_recv \n cb.rcv_msg -> sk_psock_strp_read \n # now stream_verdict return SK_PASS without peer sock assign \n __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) \n sk_psock_verdict_apply \n sk_psock_skb_ingress_self \n sk_psock_skb_ingress_enqueue \n sk_psock_data_ready \n read_lock_bh(&sk->sk_callback_lock) <=\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T12:06:04.000000Z"}, {"uuid": "4a4933cd-b02b-49bf-a9f1-ad843ff15949", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5669", "type": "seen", "source": "https://t.me/cvedetector/286", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-5669 - The XPlainer \u2013 WooCommerce Product FAQ [WooCommerc\", \n \"Content\": \"CVE ID : CVE-2024-5669 \nPublished : July 9, 2024, 9:15 a.m. | 31\u00a0minutes ago \nDescription : The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store cross-site scripting that will trigger when viewing the dashboard templates or accessing FAQs. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T11:49:56.000000Z"}, {"uuid": "d294869f-3622-4f5d-aebc-313d7d0b892a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56693", "type": "seen", "source": "https://t.me/cvedetector/13842", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56693 - Linux Kernel - Linux brd/fdisk UAF Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56693 \nPublished : Dec. 28, 2024, 10:15 a.m. | 45\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbrd: defer automatic disk creation until module initialization succeeds \n \nMy colleague Wupeng found the following problems during fault injection: \n \nBUG: unable to handle page fault for address: fffffbfff809d073 \nPGD 6e648067 P4D 123ec8067 PUD 123ec4067 PMD 100e38067 PTE 0 \nOops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI \nCPU: 5 UID: 0 PID: 755 Comm: modprobe Not tainted 6.12.0-rc3+ #17 \nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS \n1.16.1-2.fc37 04/01/2014 \nRIP: 0010:__asan_load8+0x4c/0xa0 \n... \nCall Trace: \n \n blkdev_put_whole+0x41/0x70 \n bdev_release+0x1a3/0x250 \n blkdev_release+0x11/0x20 \n __fput+0x1d7/0x4a0 \n task_work_run+0xfc/0x180 \n syscall_exit_to_user_mode+0x1de/0x1f0 \n do_syscall_64+0x6b/0x170 \n entry_SYSCALL_64_after_hwframe+0x76/0x7e \n \nloop_init() is calling loop_add() after __register_blkdev() succeeds and \nis ignoring disk_add() failure from loop_add(), for loop_add() failure \nis not fatal and successfully created disks are already visible to \nbdev_open(). \n \nbrd_init() is currently calling brd_alloc() before __register_blkdev() \nsucceeds and is releasing successfully created disks when brd_init() \nreturns an error. This can cause UAF for the latter two case: \n \ncase 1: \n T1: \nmodprobe brd \n brd_init \n brd_alloc(0) // success \n add_disk \n disk_scan_partitions \n bdev_file_open_by_dev // alloc file \n fput // won't free until back to userspace \n brd_alloc(1) // failed since mem alloc error inject \n // error path for modprobe will release code segment \n // back to userspace \n __fput \n blkdev_release \n bdev_release \n blkdev_put_whole \n bdev->bd_disk->fops->release // fops is freed now, UAF! \n \ncase 2: \n T1: T2: \nmodprobe brd \n brd_init \n brd_alloc(0) // success \n open(/dev/ram0) \n brd_alloc(1) // fail \n // error path for modprobe \n \n close(/dev/ram0) \n ... \n /* UAF! */ \n bdev->bd_disk->fops->release \n \nFix this problem by following what loop_init() does. Besides, \nreintroduce brd_devices_mutex to help serialize modifications to \nbrd_list. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T12:06:10.000000Z"}, {"uuid": "def4ca84-2200-434b-95ea-8f977ee108d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56692", "type": "seen", "source": "https://t.me/cvedetector/13841", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56692 - \"F2FS Linux Kernel F2fs Block Address Corruption Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-56692 \nPublished : Dec. 28, 2024, 10:15 a.m. | 45\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nf2fs: fix to do sanity check on node blkaddr in truncate_node() \n \nsyzbot reports a f2fs bug as below: \n \n------------[ cut here ]------------ \nkernel BUG at fs/f2fs/segment.c:2534! \nRIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534 \nCall Trace: \n truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909 \n f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288 \n f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856 \n evict+0x4e8/0x9b0 fs/inode.c:723 \n f2fs_handle_failed_inode+0x271/0x2e0 fs/f2fs/inode.c:986 \n f2fs_create+0x357/0x530 fs/f2fs/namei.c:394 \n lookup_open fs/namei.c:3595 [inline] \n open_last_lookups fs/namei.c:3694 [inline] \n path_openat+0x1c03/0x3590 fs/namei.c:3930 \n do_filp_open+0x235/0x490 fs/namei.c:3960 \n do_sys_openat2+0x13e/0x1d0 fs/open.c:1415 \n do_sys_open fs/open.c:1430 [inline] \n __do_sys_openat fs/open.c:1446 [inline] \n __se_sys_openat fs/open.c:1441 [inline] \n __x64_sys_openat+0x247/0x2a0 fs/open.c:1441 \n do_syscall_x64 arch/x86/entry/common.c:52 [inline] \n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 \n entry_SYSCALL_64_after_hwframe+0x77/0x7f \nRIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534 \n \nThe root cause is: on a fuzzed image, blkaddr in nat entry may be \ncorrupted, then it will cause system panic when using it in \nf2fs_invalidate_blocks(), to avoid this, let's add sanity check on \nnat blkaddr in truncate_node(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T12:06:09.000000Z"}, {"uuid": "750a1bbc-8b74-4bde-9235-6a38ff06b9e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56691", "type": "seen", "source": "https://t.me/cvedetector/13840", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56691 - Intel Soc PMIC BXTWC Linux IRQ Domain Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56691 \nPublished : Dec. 28, 2024, 10:15 a.m. | 45\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device \n \nWhile design wise the idea of converting the driver to use \nthe hierarchy of the IRQ chips is correct, the implementation \nhas (inherited) flaws. This was unveiled when platform_get_irq() \nhad started WARN() on IRQ 0 that is supposed to be a Linux \nIRQ number (also known as vIRQ). \n \nRework the driver to respect IRQ domain when creating each MFD \ndevice separately, as the domain is not the same for all of them. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T12:06:08.000000Z"}, {"uuid": "5cfde06d-2d93-4d7f-9940-a0f048fda8c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56695", "type": "seen", "source": "https://t.me/cvedetector/13837", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56695 - AMDGPU Stack Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56695 \nPublished : Dec. 28, 2024, 10:15 a.m. | 45\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()' \n \nThe `kfd_get_cu_occupancy` function previously declared a large \n`cu_occupancy` array as a local variable, which could lead to stack \noverflows due to excessive stack usage. This commit replaces the static \narray allocation with dynamic memory allocation using `kcalloc`, \nthereby reducing the stack size. \n \nThis change avoids the risk of stack overflows in kernel space, in \nscenarios where `AMDGPU_MAX_QUEUES` is large. The allocated memory is \nfreed using `kfree` before the function returns to prevent memory \nleaks. \n \nFixes the below with gcc W=1: \ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c: In function \u2018kfd_get_cu_occupancy\u2019: \ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c:322:1: warning: the frame size of 1056 bytes is larger than 1024 bytes [-Wframe-larger-than=] \n 322 | } \n | ^ \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T12:06:03.000000Z"}, {"uuid": "5852a54e-0383-4af9-ad06-3f000c0efcd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56698", "type": "seen", "source": "https://t.me/cvedetector/13836", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56698 - Linux dwc3 Null Pointer Dereference\", \n \"Content\": \"CVE ID : CVE-2024-56698 \nPublished : Dec. 28, 2024, 10:15 a.m. | 44\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nusb: dwc3: gadget: Fix looping of queued SG entries \n \nThe dwc3_request->num_queued_sgs is decremented on completion. If a \npartially completed request is handled, then the \ndwc3_request->num_queued_sgs no longer reflects the total number of \nnum_queued_sgs (it would be cleared). \n \nCorrectly check the number of request SG entries remained to be prepare \nand queued. Failure to do this may cause null pointer dereference when \naccessing non-existent SG entry. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T12:06:02.000000Z"}, {"uuid": "0c882f4f-48d5-4539-80b5-ceb784da406a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56690", "type": "seen", "source": "https://t.me/cvedetector/13844", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56690 - Linux Kernel PCrypt Cryptographic Manipulation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56690 \nPublished : Dec. 28, 2024, 10:15 a.m. | 45\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ncrypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY \n \nSince commit 8f4f68e788c3 (\"crypto: pcrypt - Fix hungtask for \nPADATA_RESET\"), the pcrypt encryption and decryption operations return \n-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is \ngenerated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns \n-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1. \nFix this issue by calling crypto layer directly without parallelization \nin that case. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T12:06:48.000000Z"}, {"uuid": "a21248e8-ac2b-4682-b309-be3a477ee809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56697", "type": "seen", "source": "https://t.me/cvedetector/13835", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56697 - \"AMDGPU Linux Kernel Memory Allocation Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-56697 \nPublished : Dec. 28, 2024, 10:15 a.m. | 44\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() \n \nFix two issues with memory allocation in amdgpu_discovery_get_nps_info() \nfor mem_ranges: \n \n - Add a check for allocation failure to avoid dereferencing a null \n pointer. \n \n - As suggested by Christophe, use kvcalloc() for memory allocation, \n which checks for multiplication overflow. \n \nAdditionally, assign the output parameters nps_type and range_cnt after \nthe kvcalloc() call to prevent modifying the output parameters in case \nof an error return. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T12:06:01.000000Z"}, {"uuid": "fe0cc126-8959-4d43-8ccc-42f1cd33e4e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56699", "type": "seen", "source": "https://t.me/cvedetector/13831", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56699 - IBM zPCI Double Remove Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56699 \nPublished : Dec. 28, 2024, 10:15 a.m. | 44\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ns390/pci: Fix potential double remove of hotplug slot \n \nIn commit 6ee600bfbe0f (\"s390/pci: remove hotplug slot when releasing the \ndevice\") the zpci_exit_slot() was moved from zpci_device_reserved() to \nzpci_release_device() with the intention of keeping the hotplug slot \naround until the device is actually removed. \n \nNow zpci_release_device() is only called once all references are \ndropped. Since the zPCI subsystem only drops its reference once the \ndevice is in the reserved state it follows that zpci_release_device() \nmust only deal with devices in the reserved state. Despite that it \ncontains code to tear down from both configured and standby state. For \nthe standby case this already includes the removal of the hotplug slot \nso would cause a double removal if a device was ever removed in \neither configured or standby state. \n \nInstead of causing a potential double removal in a case that should \nnever happen explicitly WARN_ON() if a device in non-reserved state is \nreleased and get rid of the dead code cases. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T12:05:55.000000Z"}]}