https://vulnerability.circl.lu/sightings/feed 2026-06-04T09:43:45.763223+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/019cd12b-2137-4110-b62b-25d35d74a0d5/export 2026-06-04T09:43:46.056191+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "019cd12b-2137-4110-b62b-25d35d74a0d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4891", "type": "seen", "source": "https://t.me/cibsecurity/56609", "content": "\u203c CVE-2022-4891 \u203c\n\nA vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-17T22:15:23.000000Z"} 2023-01-17T22:15:23+00:00 https://vulnerability.circl.lu/sighting/5bf93c91-2f5a-4d20-b76c-57bc32fe008e/export 2026-06-04T09:43:46.056112+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "5bf93c91-2f5a-4d20-b76c-57bc32fe008e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48911", "type": "seen", "source": "https://t.me/cvedetector/3856", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48911 - Linux Kernel Netfilter Use After Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-48911 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnetfilter: nf_queue: fix possible use-after-free \n \nEric Dumazet says: \n The sock_hold() side seems suspect, because there is no guarantee \n that sk_refcnt is not already 0. \n \nOn failure, we cannot queue the packet and need to indicate an \nerror. The packet will be dropped by the caller. \n \nv2: split skb prefetch hunk into separate change \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:07:56.000000Z"} 2024-08-22T05:07:56+00:00 https://vulnerability.circl.lu/sighting/c3e02e71-a7a8-4c10-87b9-6522c1ae0548/export 2026-06-04T09:43:46.056035+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "c3e02e71-a7a8-4c10-87b9-6522c1ae0548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48915", "type": "seen", "source": "https://t.me/cvedetector/3857", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48915 - Linux Thermal Zone NULL Pointer Dereference\", \n \"Content\": \"CVE ID : CVE-2022-48915 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nthermal: core: Fix TZ_GET_TRIP NULL pointer dereference \n \nDo not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if \nthe thermal zone does not define one. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:07:57.000000Z"} 2024-08-22T05:07:57+00:00 https://vulnerability.circl.lu/sighting/e854b969-eb36-489f-815e-df5d8ffebc88/export 2026-06-04T09:43:46.055938+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e854b969-eb36-489f-815e-df5d8ffebc88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48914", "type": "seen", "source": "https://t.me/cvedetector/3861", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48914 - Xen Netfront NULL Pointer Dereference\", \n \"Content\": \"CVE ID : CVE-2022-48914 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nxen/netfront: destroy queues before real_num_tx_queues is zeroed \n \nxennet_destroy_queues() relies on info->netdev->real_num_tx_queues to \ndelete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 \n(\"net-sysfs: update the queue counts in the unregistration path\"), \nunregister_netdev() indirectly sets real_num_tx_queues to 0. Those two \nfacts together means, that xennet_destroy_queues() called from \nxennet_remove() cannot do its job, because it's called after \nunregister_netdev(). This results in kfree-ing queues that are still \nlinked in napi, which ultimately crashes: \n \n BUG: kernel NULL pointer dereference, address: 0000000000000000 \n #PF: supervisor read access in kernel mode \n #PF: error_code(0x0000) - not-present page \n PGD 0 P4D 0 \n Oops: 0000 [#1] PREEMPT SMP PTI \n CPU: 1 PID: 52 Comm: xenwatch Tainted: G W 5.16.10-1.32.fc32.qubes.x86_64+ #226 \n RIP: 0010:free_netdev+0xa3/0x1a0 \n Code: ff 48 89 df e8 2e e9 00 00 48 8b 43 50 48 8b 08 48 8d b8 a0 fe ff ff 48 8d a9 a0 fe ff ff 49 39 c4 75 26 eb 47 e8 ed c1 66 ff 8b 85 60 01 00 00 48 8d 95 60 01 00 00 48 89 ef 48 2d 60 01 00 \n RSP: 0000:ffffc90000bcfd00 EFLAGS: 00010286 \n RAX: 0000000000000000 RBX: ffff88800edad000 RCX: 0000000000000000 \n RDX: 0000000000000001 RSI: ffffc90000bcfc30 RDI: 00000000ffffffff \n RBP: fffffffffffffea0 R08: 0000000000000000 R09: 0000000000000000 \n R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800edad050 \n R13: ffff8880065f8f88 R14: 0000000000000000 R15: ffff8880066c6680 \n FS: 0000000000000000(0000) GS:ffff8880f3300000(0000) knlGS:0000000000000000 \n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \n CR2: 0000000000000000 CR3: 00000000e998c006 CR4: 00000000003706e0 \n Call Trace: \n \n xennet_remove+0x13d/0x300 [xen_netfront] \n xenbus_dev_remove+0x6d/0xf0 \n __device_release_driver+0x17a/0x240 \n device_release_driver+0x24/0x30 \n bus_remove_device+0xd8/0x140 \n device_del+0x18b/0x410 \n ? _raw_spin_unlock+0x16/0x30 \n ? klist_iter_exit+0x14/0x20 \n ? xenbus_dev_request_and_reply+0x80/0x80 \n device_unregister+0x13/0x60 \n xenbus_dev_changed+0x18e/0x1f0 \n xenwatch_thread+0xc0/0x1a0 \n ? do_wait_intr_irq+0xa0/0xa0 \n kthread+0x16b/0x190 \n ? set_kthread_struct+0x40/0x40 \n ret_from_fork+0x22/0x30 \n \n \nFix this by calling xennet_destroy_queues() from xennet_uninit(), \nwhen real_num_tx_queues is still available. This ensures that queues are \ndestroyed when real_num_tx_queues is set to 0, regardless of how \nunregister_netdev() was called. \n \nOriginally reported at \n \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:08:03.000000Z"} 2024-08-22T05:08:03+00:00 https://vulnerability.circl.lu/sighting/ccb0c8b6-ea24-4220-ac70-f36fa2f6d9ce/export 2026-06-04T09:43:46.055840+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "ccb0c8b6-ea24-4220-ac70-f36fa2f6d9ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48912", "type": "seen", "source": "https://t.me/cvedetector/3863", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48912 - Linux Kernel netfilter Use-After-Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-48912 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnetfilter: fix use-after-free in __nf_register_net_hook() \n \nWe must not dereference @new_hooks after nf_hook_mutex has been released, \nbecause other threads might have freed our allocated hooks already. \n \nBUG: KASAN: use-after-free in nf_hook_entries_get_hook_ops include/linux/netfilter.h:130 [inline] \nBUG: KASAN: use-after-free in hooks_validate net/netfilter/core.c:171 [inline] \nBUG: KASAN: use-after-free in __nf_register_net_hook+0x77a/0x820 net/netfilter/core.c:438 \nRead of size 2 at addr ffff88801c1a8000 by task syz-executor237/4430 \n \nCPU: 1 PID: 4430 Comm: syz-executor237 Not tainted 5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0 \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 \nCall Trace: \n \n __dump_stack lib/dump_stack.c:88 [inline] \n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 \n print_address_description.constprop.0.cold+0x8d/0x336 mm/kasan/report.c:255 \n __kasan_report mm/kasan/report.c:442 [inline] \n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459 \n nf_hook_entries_get_hook_ops include/linux/netfilter.h:130 [inline] \n hooks_validate net/netfilter/core.c:171 [inline] \n __nf_register_net_hook+0x77a/0x820 net/netfilter/core.c:438 \n nf_register_net_hook+0x114/0x170 net/netfilter/core.c:571 \n nf_register_net_hooks+0x59/0xc0 net/netfilter/core.c:587 \n nf_synproxy_ipv6_init+0x85/0xe0 net/netfilter/nf_synproxy_core.c:1218 \n synproxy_tg6_check+0x30d/0x560 net/ipv6/netfilter/ip6t_SYNPROXY.c:81 \n xt_check_target+0x26c/0x9e0 net/netfilter/x_tables.c:1038 \n check_target net/ipv6/netfilter/ip6_tables.c:530 [inline] \n find_check_entry.constprop.0+0x7f1/0x9e0 net/ipv6/netfilter/ip6_tables.c:573 \n translate_table+0xc8b/0x1750 net/ipv6/netfilter/ip6_tables.c:735 \n do_replace net/ipv6/netfilter/ip6_tables.c:1153 [inline] \n do_ip6t_set_ctl+0x56e/0xb90 net/ipv6/netfilter/ip6_tables.c:1639 \n nf_setsockopt+0x83/0xe0 net/netfilter/nf_sockopt.c:101 \n ipv6_setsockopt+0x122/0x180 net/ipv6/ipv6_sockglue.c:1024 \n rawv6_setsockopt+0xd3/0x6a0 net/ipv6/raw.c:1084 \n __sys_setsockopt+0x2db/0x610 net/socket.c:2180 \n __do_sys_setsockopt net/socket.c:2191 [inline] \n __se_sys_setsockopt net/socket.c:2188 [inline] \n __x64_sys_setsockopt+0xba/0x150 net/socket.c:2188 \n do_syscall_x64 arch/x86/entry/common.c:50 [inline] \n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 \n entry_SYSCALL_64_after_hwframe+0x44/0xae \nRIP: 0033:0x7f65a1ace7d9 \nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 \nRSP: 002b:00007f65a1a7f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 \nRAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f65a1ace7d9 \nRDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 \nRBP: 00007f65a1b574c8 R08: 0000000000000001 R09: 0000000000000000 \nR10: 0000000020000000 R11: 0000000000000246 R12: 00007f65a1b55130 \nR13: 00007f65a1b574c0 R14: 00007f65a1b24090 R15: 0000000000022000 \n \n \nThe buggy address belongs to the page: \npage:ffffea0000706a00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c1a8 \nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) \nraw: 00fff00000000000 ffffea0001c1b108 ffffea000046dd08 0000000000000000 \nraw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 \npage dumped because: kasan: bad access detected \npage_owner tracks the page as freed \npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 4430, ts 1061781545818, free_ts 1061791488993 \n prep_new_page mm/page_alloc.c:2434 [inline] \n get_page_from_freelist+0xa72/0[...]", "creation_timestamp": "2024-08-22T05:08:04.000000Z"} 2024-08-22T05:08:04+00:00 https://vulnerability.circl.lu/sighting/8abfa2f3-5ad6-4684-84c1-b020d143c5f4/export 2026-06-04T09:43:46.055739+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "8abfa2f3-5ad6-4684-84c1-b020d143c5f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48919", "type": "seen", "source": "https://t.me/cvedetector/3862", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48919 - Microsoft CIFS Double Free Use After Free\", \n \"Content\": \"CVE ID : CVE-2022-48919 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ncifs: fix double free race when mount fails in cifs_get_root() \n \nWhen cifs_get_root() fails during cifs_smb3_do_mount() we call \ndeactivate_locked_super() which eventually will call delayed_free() which \nwill free the context. \nIn this situation we should not proceed to enter the out: section in \ncifs_smb3_do_mount() and free the same resources a second time. \n \n[Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60 \n[Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0 \n \n[Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4 \n[Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019 \n[Thu Feb 10 12:59:06 2022] Call Trace: \n[Thu Feb 10 12:59:06 2022] \n[Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78 \n[Thu Feb 10 12:59:06 2022] print_address_description.constprop.0+0x24/0x150 \n[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60 \n[Thu Feb 10 12:59:06 2022] kasan_report.cold+0x7d/0x117 \n[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60 \n[Thu Feb 10 12:59:06 2022] __asan_load8+0x86/0xa0 \n[Thu Feb 10 12:59:06 2022] rcu_cblist_dequeue+0x32/0x60 \n[Thu Feb 10 12:59:06 2022] rcu_core+0x547/0xca0 \n[Thu Feb 10 12:59:06 2022] ? call_rcu+0x3c0/0x3c0 \n[Thu Feb 10 12:59:06 2022] ? __this_cpu_preempt_check+0x13/0x20 \n[Thu Feb 10 12:59:06 2022] ? lock_is_held_type+0xea/0x140 \n[Thu Feb 10 12:59:06 2022] rcu_core_si+0xe/0x10 \n[Thu Feb 10 12:59:06 2022] __do_softirq+0x1d4/0x67b \n[Thu Feb 10 12:59:06 2022] __irq_exit_rcu+0x100/0x150 \n[Thu Feb 10 12:59:06 2022] irq_exit_rcu+0xe/0x30 \n[Thu Feb 10 12:59:06 2022] sysvec_hyperv_stimer0+0x9d/0xc0 \n... \n[Thu Feb 10 12:59:07 2022] Freed by task 58179: \n[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50 \n[Thu Feb 10 12:59:07 2022] kasan_set_track+0x25/0x30 \n[Thu Feb 10 12:59:07 2022] kasan_set_free_info+0x24/0x40 \n[Thu Feb 10 12:59:07 2022] ____kasan_slab_free+0x137/0x170 \n[Thu Feb 10 12:59:07 2022] __kasan_slab_free+0x12/0x20 \n[Thu Feb 10 12:59:07 2022] slab_free_freelist_hook+0xb3/0x1d0 \n[Thu Feb 10 12:59:07 2022] kfree+0xcd/0x520 \n[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0x149/0xbe0 [cifs] \n[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs] \n[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140 \n[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0 \n[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210 \n[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0 \n[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae \n \n[Thu Feb 10 12:59:07 2022] Last potentially related work creation: \n[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50 \n[Thu Feb 10 12:59:07 2022] __kasan_record_aux_stack+0xb6/0xc0 \n[Thu Feb 10 12:59:07 2022] kasan_record_aux_stack_noalloc+0xb/0x10 \n[Thu Feb 10 12:59:07 2022] call_rcu+0x76/0x3c0 \n[Thu Feb 10 12:59:07 2022] cifs_umount+0xce/0xe0 [cifs] \n[Thu Feb 10 12:59:07 2022] cifs_kill_sb+0xc8/0xe0 [cifs] \n[Thu Feb 10 12:59:07 2022] deactivate_locked_super+0x5d/0xd0 \n[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0xab9/0xbe0 [cifs] \n[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs] \n[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140 \n[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0 \n[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210 \n[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0 \n[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:08:04.000000Z"} 2024-08-22T05:08:04+00:00 https://vulnerability.circl.lu/sighting/8e19e01e-3d89-4c6b-9769-672b15afebc0/export 2026-06-04T09:43:46.055637+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "8e19e01e-3d89-4c6b-9769-672b15afebc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48918", "type": "seen", "source": "https://t.me/cvedetector/3865", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48918 - Dell Inspiron 15 5510 iwlwifi mvm NULL Pointer Dereference Bug\", \n \"Content\": \"CVE ID : CVE-2022-48918 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \niwlwifi: mvm: check debugfs_dir ptr before use \n \nWhen \"debugfs=off\" is used on the kernel command line, iwiwifi's \nmvm module uses an invalid/unchecked debugfs_dir pointer and causes \na BUG: \n \n BUG: kernel NULL pointer dereference, address: 000000000000004f \n #PF: supervisor read access in kernel mode \n #PF: error_code(0x0000) - not-present page \n PGD 0 P4D 0 \n Oops: 0000 [#1] PREEMPT SMP \n CPU: 1 PID: 503 Comm: modprobe Tainted: G W 5.17.0-rc5 #7 \n Hardware name: Dell Inc. Inspiron 15 5510/076F7Y, BIOS 2.4.1 11/05/2021 \n RIP: 0010:iwl_mvm_dbgfs_register+0x692/0x700 [iwlmvm] \n Code: 69 a0 be 80 01 00 00 48 c7 c7 50 73 6a a0 e8 95 cf ee e0 48 8b 83 b0 1e 00 00 48 c7 c2 54 73 6a a0 be 64 00 00 00 48 8d 7d 8c 8b 48 50 e8 15 22 07 e1 48 8b 43 28 48 8d 55 8c 48 c7 c7 5f 73 \n RSP: 0018:ffffc90000a0ba68 EFLAGS: 00010246 \n RAX: ffffffffffffffff RBX: ffff88817d6e3328 RCX: ffff88817d6e3328 \n RDX: ffffffffa06a7354 RSI: 0000000000000064 RDI: ffffc90000a0ba6c \n RBP: ffffc90000a0bae0 R08: ffffffff824e4880 R09: ffffffffa069d620 \n R10: ffffc90000a0ba00 R11: ffffffffffffffff R12: 0000000000000000 \n R13: ffffc90000a0bb28 R14: ffff88817d6e3328 R15: ffff88817d6e3320 \n FS: 00007f64dd92d740(0000) GS:ffff88847f640000(0000) knlGS:0000000000000000 \n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \n CR2: 000000000000004f CR3: 000000016fc79001 CR4: 0000000000770ee0 \n PKRU: 55555554 \n Call Trace: \n \n ? iwl_mvm_mac_setup_register+0xbdc/0xda0 [iwlmvm] \n iwl_mvm_start_post_nvm+0x71/0x100 [iwlmvm] \n iwl_op_mode_mvm_start+0xab8/0xb30 [iwlmvm] \n _iwl_op_mode_start+0x6f/0xd0 [iwlwifi] \n iwl_opmode_register+0x6a/0xe0 [iwlwifi] \n ? 0xffffffffa0231000 \n iwl_mvm_init+0x35/0x1000 [iwlmvm] \n ? 0xffffffffa0231000 \n do_one_initcall+0x5a/0x1b0 \n ? kmem_cache_alloc+0x1e5/0x2f0 \n ? do_init_module+0x1e/0x220 \n do_init_module+0x48/0x220 \n load_module+0x2602/0x2bc0 \n ? __kernel_read+0x145/0x2e0 \n ? kernel_read_file+0x229/0x290 \n __do_sys_finit_module+0xc5/0x130 \n ? __do_sys_finit_module+0xc5/0x130 \n __x64_sys_finit_module+0x13/0x20 \n do_syscall_64+0x38/0x90 \n entry_SYSCALL_64_after_hwframe+0x44/0xae \n RIP: 0033:0x7f64dda564dd \n Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1b 29 0f 00 f7 d8 64 89 01 48 \n RSP: 002b:00007ffdba393f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 \n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64dda564dd \n RDX: 0000000000000000 RSI: 00005575399e2ab2 RDI: 0000000000000001 \n RBP: 000055753a91c5e0 R08: 0000000000000000 R09: 0000000000000002 \n R10: 0000000000000001 R11: 0000000000000246 R12: 00005575399e2ab2 \n R13: 000055753a91ceb0 R14: 0000000000000000 R15: 000055753a923018 \n \n Modules linked in: btintel(+) btmtk bluetooth vfat snd_hda_codec_hdmi fat snd_hda_codec_realtek snd_hda_codec_generic iwlmvm(+) snd_sof_pci_intel_tgl mac80211 snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence soundwire_bus snd_sof_intel_hda snd_sof_pci snd_sof snd_sof_xtensa_dsp snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core btrfs snd_compress snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec raid6_pq iwlwifi snd_hda_core snd_pcm snd_timer snd soundcore cfg80211 intel_ish_ipc(+) thunderbolt rfkill intel_ishtp ucsi_acpi wmi i2c_hid_acpi i2c_hid evdev \n CR2: 000000000000004f \n ---[ end trace 0000000000000000 ]--- \n \nCheck the debugfs_dir pointer for an error before using it. \n \n[change to make both conditional] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, tim[...]", "creation_timestamp": "2024-08-22T05:08:09.000000Z"} 2024-08-22T05:08:09+00:00 https://vulnerability.circl.lu/sighting/2627c48a-8164-4c39-8115-831ad860740a/export 2026-06-04T09:43:46.055520+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "2627c48a-8164-4c39-8115-831ad860740a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48910", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/3867", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48910 - Apache Linux kernel IPv6 Address Configuration Memory Leak\", \n \"Content\": \"CVE ID : CVE-2022-48910 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: ipv6: ensure we call ipv6_mc_down() at most once \n \nThere are two reasons for addrconf_notify() to be called with NETDEV_DOWN: \neither the network device is actually going down, or IPv6 was disabled \non the interface. \n \nIf either of them stays down while the other is toggled, we repeatedly \ncall the code for NETDEV_DOWN, including ipv6_mc_down(), while never \ncalling the corresponding ipv6_mc_up() in between. This will cause a \nnew entry in idev->mc_tomb to be allocated for each multicast group \nthe interface is subscribed to, which in turn leaks one struct ifmcaddr6 \nper nontrivial multicast group the interface is subscribed to. \n \nThe following reproducer will leak at least $n objects: \n \nip addr add ff2e::4242/32 dev eth0 autojoin \nsysctl -w net.ipv6.conf.eth0.disable_ipv6=1 \nfor i in $(seq 1 $n); do \n ip link set up eth0; ip link set down eth0 \ndone \n \nJoining groups with IPV6_ADD_MEMBERSHIP (unprivileged) or setting the \nsysctl net.ipv6.conf.eth0.forwarding to 1 (=> subscribing to ff02::2) \ncan also be used to create a nontrivial idev->mc_list, which will the \nleak objects with the right up-down-sequence. \n \nBased on both sources for NETDEV_DOWN events the interface IPv6 state \nshould be considered: \n \n - not ready if the network interface is not ready OR IPv6 is disabled \n for it \n - ready if the network interface is ready AND IPv6 is enabled for it \n \nThe functions ipv6_mc_up() and ipv6_down() should only be run when this \nstate changes. \n \nImplement this by remembering when the IPv6 state is ready, and only \nrun ipv6_mc_down() if it actually changed from ready to not ready. \n \nThe other direction (not ready -> ready) already works correctly, as: \n \n - the interface notification triggered codepath for NETDEV_UP / \n NETDEV_CHANGE returns early if ipv6 is disabled, and \n - the disable_ipv6=0 triggered codepath skips fully initializing the \n interface as long as addrconf_link_ready(dev) returns false \n - calling ipv6_mc_up() repeatedly does not leak anything \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:08:11.000000Z"} 2024-08-22T05:08:11+00:00 https://vulnerability.circl.lu/sighting/22cd1cc6-fc6c-4951-b889-33df559401e7/export 2026-06-04T09:43:46.055384+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "22cd1cc6-fc6c-4951-b889-33df559401e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48917", "type": "seen", "source": "https://t.me/cvedetector/3868", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48917 - \"Realtek ASoC: Integer Underflow\"\", \n \"Content\": \"CVE ID : CVE-2022-48917 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nASoC: ops: Shift tested values in snd_soc_put_volsw() by +min \n \nWhile the $val/$val2 values passed in from userspace are always >= 0 \nintegers, the limits of the control can be signed integers and the $min \ncan be non-zero and less than zero. To correctly validate $val/$val2 \nagainst platform_max, add the $min offset to val first. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:08:12.000000Z"} 2024-08-22T05:08:12+00:00 https://vulnerability.circl.lu/sighting/f5f2160b-dc62-424e-8140-fb4dc833e22d/export 2026-06-04T09:43:46.053235+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "f5f2160b-dc62-424e-8140-fb4dc833e22d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48916", "type": "seen", "source": "https://t.me/cvedetector/3870", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48916 - Intel VMD IOMMU Scalable Mode Double List Add Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-48916 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \niommu/vt-d: Fix double list_add when enabling VMD in scalable mode \n \nWhen enabling VMD and IOMMU scalable mode, the following kernel panic \ncall trace/kernel log is shown in Eagle Stream platform (Sapphire Rapids \nCPU) during booting: \n \npci 0000:59:00.5: Adding to iommu group 42 \n... \nvmd 0000:59:00.5: PCI host bridge to bus 10000:80 \npci 10000:80:01.0: [8086:352a] type 01 class 0x060400 \npci 10000:80:01.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit] \npci 10000:80:01.0: enabling Extended Tags \npci 10000:80:01.0: PME# supported from D0 D3hot D3cold \npci 10000:80:01.0: DMAR: Setup RID2PASID failed \npci 10000:80:01.0: Failed to add to iommu group 42: -16 \npci 10000:80:03.0: [8086:352b] type 01 class 0x060400 \npci 10000:80:03.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit] \npci 10000:80:03.0: enabling Extended Tags \npci 10000:80:03.0: PME# supported from D0 D3hot D3cold \n------------[ cut here ]------------ \nkernel BUG at lib/list_debug.c:29! \ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI \nCPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.17.0-rc3+ #7 \nHardware name: Lenovo ThinkSystem SR650V3/SB27A86647, BIOS ESE101Y-1.00 01/13/2022 \nWorkqueue: events work_for_cpu_fn \nRIP: 0010:__list_add_valid.cold+0x26/0x3f \nCode: 9a 4a ab ff 4c 89 c1 48 c7 c7 40 0c d9 9e e8 b9 b1 fe ff 0f \n 0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 f0 0c d9 9e e8 a2 b1 \n fe ff 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 98 0c d9 \n 9e e8 8b b1 fe \nRSP: 0000:ff5ad434865b3a40 EFLAGS: 00010246 \nRAX: 0000000000000058 RBX: ff4d61160b74b880 RCX: ff4d61255e1fffa8 \nRDX: 0000000000000000 RSI: 00000000fffeffff RDI: ffffffff9fd34f20 \nRBP: ff4d611d8e245c00 R08: 0000000000000000 R09: ff5ad434865b3888 \nR10: ff5ad434865b3880 R11: ff4d61257fdc6fe8 R12: ff4d61160b74b8a0 \nR13: ff4d61160b74b8a0 R14: ff4d611d8e245c10 R15: ff4d611d8001ba70 \nFS: 0000000000000000(0000) GS:ff4d611d5ea00000(0000) knlGS:0000000000000000 \nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \nCR2: ff4d611fa1401000 CR3: 0000000aa0210001 CR4: 0000000000771ef0 \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 \nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 \nPKRU: 55555554 \nCall Trace: \n \n intel_pasid_alloc_table+0x9c/0x1d0 \n dmar_insert_one_dev_info+0x423/0x540 \n ? device_to_iommu+0x12d/0x2f0 \n intel_iommu_attach_device+0x116/0x290 \n __iommu_attach_device+0x1a/0x90 \n iommu_group_add_device+0x190/0x2c0 \n __iommu_probe_device+0x13e/0x250 \n iommu_probe_device+0x24/0x150 \n iommu_bus_notifier+0x69/0x90 \n blocking_notifier_call_chain+0x5a/0x80 \n device_add+0x3db/0x7b0 \n ? arch_memremap_can_ram_remap+0x19/0x50 \n ? memremap+0x75/0x140 \n pci_device_add+0x193/0x1d0 \n pci_scan_single_device+0xb9/0xf0 \n pci_scan_slot+0x4c/0x110 \n pci_scan_child_bus_extend+0x3a/0x290 \n vmd_enable_domain.constprop.0+0x63e/0x820 \n vmd_probe+0x163/0x190 \n local_pci_probe+0x42/0x80 \n work_for_cpu_fn+0x13/0x20 \n process_one_work+0x1e2/0x3b0 \n worker_thread+0x1c4/0x3a0 \n ? rescuer_thread+0x370/0x370 \n kthread+0xc7/0xf0 \n ? kthread_complete_and_exit+0x20/0x20 \n ret_from_fork+0x1f/0x30 \n \nModules linked in: \n---[ end trace 0000000000000000 ]--- \n... \nKernel panic - not syncing: Fatal exception \nKernel Offset: 0x1ca00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) \n---[ end Kernel panic - not syncing: Fatal exception ]--- \n \nThe following 'lspci' output shows devices '10000:80:*' are subdevices of \nthe VMD device 0000:59:00.5: \n \n $ lspci \n ... \n 0000:59:00.5 RAID bus controller: Intel Corporation Volume Management Device NVMe RAID Controller (rev 20) \n ... \n 10000:80:01.0 PCI bridge: Intel Corporation Device 352a (rev 03) \n 10000:80[...]", "creation_timestamp": "2024-08-22T05:08:51.000000Z"} 2024-08-22T05:08:51+00:00