Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 28 May 2026 07:56:34 +0000 433e5e63-7154-4730-ba43-59ebafa961c4 https://vulnerability.circl.lu/sighting/433e5e63-7154-4730-ba43-59ebafa961c4/export {"uuid": "433e5e63-7154-4730-ba43-59ebafa961c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58099", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13799", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58099\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame\n\nAndrew and Nikolay reported connectivity issues with Cilium's service\nload-balancing in case of vmxnet3.\n\nIf a BPF program for native XDP adds an encapsulation header such as\nIPIP and transmits the packet out the same interface, then in case\nof vmxnet3 a corrupted packet is being sent and subsequently dropped\non the path.\n\nvmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp()\nthrough vmxnet3_xdp_xmit_back() calculates an incorrect DMA address:\n\n page = virt_to_page(xdpf->data);\n tbi->dma_addr = page_pool_get_dma_addr(page) +\n VMXNET3_XDP_HEADROOM;\n dma_sync_single_for_device(&adapter->pdev->dev,\n tbi->dma_addr, buf_size,\n DMA_TO_DEVICE);\n\nThe above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP\nBPF program could have moved xdp->data. While the passed buf_size is\ncorrect (xdpf->len), the dma_addr needs to have a dynamic offset which\ncan be calculated as xdpf->data - (void *)xdpf, that is, xdp->data -\nxdp->data_hard_start.\n\ud83d\udccf Published: 2025-04-29T11:45:30.997Z\n\ud83d\udccf Modified: 2025-04-29T11:45:30.997Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/59ba6cdadb9c26b606a365eb9c9b25eb2052622d\n2. https://git.kernel.org/stable/c/f82eb34fb59a8fb96c19f4f492c20eb774140bb5\n3. https://git.kernel.org/stable/c/4678adf94da4a9e9683817b246b58ce15fb81782", "creation_timestamp": "2025-04-29T12:12:30.000000Z"} {"uuid": "433e5e63-7154-4730-ba43-59ebafa961c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58099", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13799", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58099\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame\n\nAndrew and Nikolay reported connectivity issues with Cilium's service\nload-balancing in case of vmxnet3.\n\nIf a BPF program for native XDP adds an encapsulation header such as\nIPIP and transmits the packet out the same interface, then in case\nof vmxnet3 a corrupted packet is being sent and subsequently dropped\non the path.\n\nvmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp()\nthrough vmxnet3_xdp_xmit_back() calculates an incorrect DMA address:\n\n page = virt_to_page(xdpf->data);\n tbi->dma_addr = page_pool_get_dma_addr(page) +\n VMXNET3_XDP_HEADROOM;\n dma_sync_single_for_device(&adapter->pdev->dev,\n tbi->dma_addr, buf_size,\n DMA_TO_DEVICE);\n\nThe above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP\nBPF program could have moved xdp->data. While the passed buf_size is\ncorrect (xdpf->len), the dma_addr needs to have a dynamic offset which\ncan be calculated as xdpf->data - (void *)xdpf, that is, xdp->data -\nxdp->data_hard_start.\n\ud83d\udccf Published: 2025-04-29T11:45:30.997Z\n\ud83d\udccf Modified: 2025-04-29T11:45:30.997Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/59ba6cdadb9c26b606a365eb9c9b25eb2052622d\n2. https://git.kernel.org/stable/c/f82eb34fb59a8fb96c19f4f492c20eb774140bb5\n3. https://git.kernel.org/stable/c/4678adf94da4a9e9683817b246b58ce15fb81782", "creation_timestamp": "2025-04-29T12:12:30.000000Z"} https://vulnerability.circl.lu/sighting/433e5e63-7154-4730-ba43-59ebafa961c4/export Tue, 29 Apr 2025 12:12:30 +0000 110815e0-d952-4e01-893e-f104b86d3068 https://vulnerability.circl.lu/sighting/110815e0-d952-4e01-893e-f104b86d3068/export {"uuid": "110815e0-d952-4e01-893e-f104b86d3068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58099", "type": "seen", "source": "https://t.me/cvedetector/23990", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-58099 - \"VMXNET3 DMA Address Calculation Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-58099 \nPublished : April 29, 2025, 12:15 p.m. | 17\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nvmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame \n \nAndrew and Nikolay reported connectivity issues with Cilium's service \nload-balancing in case of vmxnet3. \n \nIf a BPF program for native XDP adds an encapsulation header such as \nIPIP and transmits the packet out the same interface, then in case \nof vmxnet3 a corrupted packet is being sent and subsequently dropped \non the path. \n \nvmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp() \nthrough vmxnet3_xdp_xmit_back() calculates an incorrect DMA address: \n \n page = virt_to_page(xdpf->data); \n tbi->dma_addr = page_pool_get_dma_addr(page) + \n VMXNET3_XDP_HEADROOM; \n dma_sync_single_for_device(&adapter->pdev->dev, \n tbi->dma_addr, buf_size, \n DMA_TO_DEVICE); \n \nThe above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP \nBPF program could have moved xdp->data. While the passed buf_size is \ncorrect (xdpf->len), the dma_addr needs to have a dynamic offset which \ncan be calculated as xdpf->data - (void *)xdpf, that is, xdp->data - \nxdp->data_hard_start. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"29 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T15:09:22.000000Z"} {"uuid": "110815e0-d952-4e01-893e-f104b86d3068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58099", "type": "seen", "source": "https://t.me/cvedetector/23990", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-58099 - \"VMXNET3 DMA Address Calculation Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-58099 \nPublished : April 29, 2025, 12:15 p.m. | 17\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nvmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame \n \nAndrew and Nikolay reported connectivity issues with Cilium's service \nload-balancing in case of vmxnet3. \n \nIf a BPF program for native XDP adds an encapsulation header such as \nIPIP and transmits the packet out the same interface, then in case \nof vmxnet3 a corrupted packet is being sent and subsequently dropped \non the path. \n \nvmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp() \nthrough vmxnet3_xdp_xmit_back() calculates an incorrect DMA address: \n \n page = virt_to_page(xdpf->data); \n tbi->dma_addr = page_pool_get_dma_addr(page) + \n VMXNET3_XDP_HEADROOM; \n dma_sync_single_for_device(&adapter->pdev->dev, \n tbi->dma_addr, buf_size, \n DMA_TO_DEVICE); \n \nThe above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP \nBPF program could have moved xdp->data. While the passed buf_size is \ncorrect (xdpf->len), the dma_addr needs to have a dynamic offset which \ncan be calculated as xdpf->data - (void *)xdpf, that is, xdp->data - \nxdp->data_hard_start. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"29 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T15:09:22.000000Z"} https://vulnerability.circl.lu/sighting/110815e0-d952-4e01-893e-f104b86d3068/export Tue, 29 Apr 2025 15:09:22 +0000