<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 01:08:39 +0000</lastBuildDate>
    <item>
      <title>e5a17362-dc79-4a6b-8349-2371f5e4936a</title>
      <link>https://vulnerability.circl.lu/sighting/e5a17362-dc79-4a6b-8349-2371f5e4936a/export</link>
      <description>{"uuid": "e5a17362-dc79-4a6b-8349-2371f5e4936a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58089", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}</description>
      <content:encoded>{"uuid": "e5a17362-dc79-4a6b-8349-2371f5e4936a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58089", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e5a17362-dc79-4a6b-8349-2371f5e4936a/export</guid>
      <pubDate>Thu, 19 Mar 2026 00:00:00 +0000</pubDate>
    </item>
    <item>
      <title>4148e009-dbf4-40b5-bbbc-4dd242a8a78e</title>
      <link>https://vulnerability.circl.lu/sighting/4148e009-dbf4-40b5-bbbc-4dd242a8a78e/export</link>
      <description>{"uuid": "4148e009-dbf4-40b5-bbbc-4dd242a8a78e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-58089", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}</description>
      <content:encoded>{"uuid": "4148e009-dbf4-40b5-bbbc-4dd242a8a78e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-58089", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4148e009-dbf4-40b5-bbbc-4dd242a8a78e/export</guid>
      <pubDate>Wed, 03 Dec 2025 14:14:49 +0000</pubDate>
    </item>
    <item>
      <title>298327ba-98d3-4974-b58a-8dd44ea07129</title>
      <link>https://vulnerability.circl.lu/sighting/298327ba-98d3-4974-b58a-8dd44ea07129/export</link>
      <description>{"uuid": "298327ba-98d3-4974-b58a-8dd44ea07129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58083", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lwbhkuhc3x2p", "content": "", "creation_timestamp": "2025-08-13T09:00:00.078432Z"}</description>
      <content:encoded>{"uuid": "298327ba-98d3-4974-b58a-8dd44ea07129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58083", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lwbhkuhc3x2p", "content": "", "creation_timestamp": "2025-08-13T09:00:00.078432Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/298327ba-98d3-4974-b58a-8dd44ea07129/export</guid>
      <pubDate>Wed, 13 Aug 2025 09:00:00 +0000</pubDate>
    </item>
    <item>
      <title>5e5602b1-e11a-4561-a6e0-0ad6b79f51ba</title>
      <link>https://vulnerability.circl.lu/sighting/5e5602b1-e11a-4561-a6e0-0ad6b79f51ba/export</link>
      <description>{"uuid": "5e5602b1-e11a-4561-a6e0-0ad6b79f51ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58083", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lrqf52eqqk2p", "content": "", "creation_timestamp": "2025-06-16T16:20:28.471065Z"}</description>
      <content:encoded>{"uuid": "5e5602b1-e11a-4561-a6e0-0ad6b79f51ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58083", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lrqf52eqqk2p", "content": "", "creation_timestamp": "2025-06-16T16:20:28.471065Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5e5602b1-e11a-4561-a6e0-0ad6b79f51ba/export</guid>
      <pubDate>Mon, 16 Jun 2025 16:20:28 +0000</pubDate>
    </item>
    <item>
      <title>f294a356-775a-4489-8a12-adf224ecf9b0</title>
      <link>https://vulnerability.circl.lu/sighting/f294a356-775a-4489-8a12-adf224ecf9b0/export</link>
      <description>{"uuid": "f294a356-775a-4489-8a12-adf224ecf9b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58080", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14789", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58080\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we'll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n  [    3.388105] Call trace:\n  [    3.390664]  qcom_find_src_index+0x3c/0x70 (P)\n  [    3.395301]  qcom_find_src_index+0x1c/0x70 (L)\n  [    3.399934]  _freq_tbl_determine_rate+0x48/0x100\n  [    3.404753]  clk_rcg2_determine_rate+0x1c/0x28\n  [    3.409387]  clk_core_determine_round_nolock+0x58/0xe4\n  [    3.421414]  clk_core_round_rate_nolock+0x48/0xfc\n  [    3.432974]  clk_core_round_rate_nolock+0xd0/0xfc\n  [    3.444483]  clk_core_set_rate_nolock+0x8c/0x300\n  [    3.455886]  clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it's missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.\n\ud83d\udccf Published: 2025-03-06T16:13:43.414Z\n\ud83d\udccf Modified: 2025-05-04T10:09:31.843Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/3daca9050857220726732ad9d4a8512069386f46\n2. https://git.kernel.org/stable/c/3ad28517385e2821e8e43388d6a0b3e1ba0bc3ab\n3. https://git.kernel.org/stable/c/2dba8d5d423fa5f6f3a687aa6e0da5808f69091b\n4. https://git.kernel.org/stable/c/a1f15808adfd77268eac7fefce5378ad9fedbfba\n5. https://git.kernel.org/stable/c/d4cdb196f182d2fbe336c968228be00d8c3fed05", "creation_timestamp": "2025-05-04T11:19:09.000000Z"}</description>
      <content:encoded>{"uuid": "f294a356-775a-4489-8a12-adf224ecf9b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58080", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14789", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58080\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we'll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n  [    3.388105] Call trace:\n  [    3.390664]  qcom_find_src_index+0x3c/0x70 (P)\n  [    3.395301]  qcom_find_src_index+0x1c/0x70 (L)\n  [    3.399934]  _freq_tbl_determine_rate+0x48/0x100\n  [    3.404753]  clk_rcg2_determine_rate+0x1c/0x28\n  [    3.409387]  clk_core_determine_round_nolock+0x58/0xe4\n  [    3.421414]  clk_core_round_rate_nolock+0x48/0xfc\n  [    3.432974]  clk_core_round_rate_nolock+0xd0/0xfc\n  [    3.444483]  clk_core_set_rate_nolock+0x8c/0x300\n  [    3.455886]  clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it's missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.\n\ud83d\udccf Published: 2025-03-06T16:13:43.414Z\n\ud83d\udccf Modified: 2025-05-04T10:09:31.843Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/3daca9050857220726732ad9d4a8512069386f46\n2. https://git.kernel.org/stable/c/3ad28517385e2821e8e43388d6a0b3e1ba0bc3ab\n3. https://git.kernel.org/stable/c/2dba8d5d423fa5f6f3a687aa6e0da5808f69091b\n4. https://git.kernel.org/stable/c/a1f15808adfd77268eac7fefce5378ad9fedbfba\n5. https://git.kernel.org/stable/c/d4cdb196f182d2fbe336c968228be00d8c3fed05", "creation_timestamp": "2025-05-04T11:19:09.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f294a356-775a-4489-8a12-adf224ecf9b0/export</guid>
      <pubDate>Sun, 04 May 2025 11:19:09 +0000</pubDate>
    </item>
    <item>
      <title>a1f1098f-0b2e-4cf5-94a6-26272b2b50be</title>
      <link>https://vulnerability.circl.lu/sighting/a1f1098f-0b2e-4cf5-94a6-26272b2b50be/export</link>
      <description>{"uuid": "a1f1098f-0b2e-4cf5-94a6-26272b2b50be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58081", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14788", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58081\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mmp2: call pm_genpd_init() only after genpd.name is set\n\nSetting the genpd's struct device's name with dev_set_name() is\nhappening within pm_genpd_init(). If it remains NULL, things can blow up\nlater, such as when crafting the devfs hierarchy for the power domain:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n  ...\n  Call trace:\n   strlen from start_creating+0x90/0x138\n   start_creating from debugfs_create_dir+0x20/0x178\n   debugfs_create_dir from genpd_debug_add.part.0+0x4c/0x144\n   genpd_debug_add.part.0 from genpd_debug_init+0x74/0x90\n   genpd_debug_init from do_one_initcall+0x5c/0x244\n   do_one_initcall from kernel_init_freeable+0x19c/0x1f4\n   kernel_init_freeable from kernel_init+0x1c/0x12c\n   kernel_init from ret_from_fork+0x14/0x28\n\nBisecting tracks this crash back to commit 899f44531fe6 (\"pmdomain: core:\nAdd GENPD_FLAG_DEV_NAME_FW flag\"), which exchanges use of genpd-&amp;gt;name\nwith dev_name(&amp;amp;genpd-&amp;gt;dev) in genpd_debug_add.part().\n\ud83d\udccf Published: 2025-03-06T16:13:44.176Z\n\ud83d\udccf Modified: 2025-05-04T10:09:38.230Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/eca01d5911fb34218d10a58d8d9534b758c8fd0a\n2. https://git.kernel.org/stable/c/763517124e27b07fa300b486d7d13c5d563a215e\n3. https://git.kernel.org/stable/c/e24b15d4704dcb73920c3d18a6157abd18df08c1", "creation_timestamp": "2025-05-04T11:19:08.000000Z"}</description>
      <content:encoded>{"uuid": "a1f1098f-0b2e-4cf5-94a6-26272b2b50be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58081", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14788", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58081\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mmp2: call pm_genpd_init() only after genpd.name is set\n\nSetting the genpd's struct device's name with dev_set_name() is\nhappening within pm_genpd_init(). If it remains NULL, things can blow up\nlater, such as when crafting the devfs hierarchy for the power domain:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n  ...\n  Call trace:\n   strlen from start_creating+0x90/0x138\n   start_creating from debugfs_create_dir+0x20/0x178\n   debugfs_create_dir from genpd_debug_add.part.0+0x4c/0x144\n   genpd_debug_add.part.0 from genpd_debug_init+0x74/0x90\n   genpd_debug_init from do_one_initcall+0x5c/0x244\n   do_one_initcall from kernel_init_freeable+0x19c/0x1f4\n   kernel_init_freeable from kernel_init+0x1c/0x12c\n   kernel_init from ret_from_fork+0x14/0x28\n\nBisecting tracks this crash back to commit 899f44531fe6 (\"pmdomain: core:\nAdd GENPD_FLAG_DEV_NAME_FW flag\"), which exchanges use of genpd-&amp;gt;name\nwith dev_name(&amp;amp;genpd-&amp;gt;dev) in genpd_debug_add.part().\n\ud83d\udccf Published: 2025-03-06T16:13:44.176Z\n\ud83d\udccf Modified: 2025-05-04T10:09:38.230Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/eca01d5911fb34218d10a58d8d9534b758c8fd0a\n2. https://git.kernel.org/stable/c/763517124e27b07fa300b486d7d13c5d563a215e\n3. https://git.kernel.org/stable/c/e24b15d4704dcb73920c3d18a6157abd18df08c1", "creation_timestamp": "2025-05-04T11:19:08.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a1f1098f-0b2e-4cf5-94a6-26272b2b50be/export</guid>
      <pubDate>Sun, 04 May 2025 11:19:08 +0000</pubDate>
    </item>
    <item>
      <title>a7ea6bf5-ef3a-4101-86e3-af1f73c4bb7d</title>
      <link>https://vulnerability.circl.lu/sighting/a7ea6bf5-ef3a-4101-86e3-af1f73c4bb7d/export</link>
      <description>{"uuid": "a7ea6bf5-ef3a-4101-86e3-af1f73c4bb7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58082", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14787", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58082\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nuvoton: Fix an error check in npcm_video_ece_init()\n\nWhen function of_find_device_by_node() fails, it returns NULL instead of\nan error code. So the corresponding error check logic should be modified\nto check whether the return value is NULL and set the error code to be\nreturned as -ENODEV.\n\ud83d\udccf Published: 2025-03-06T16:13:44.896Z\n\ud83d\udccf Modified: 2025-05-04T10:09:39.779Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/bdd823b9d068284e1d998b962cfef29236365df3\n2. https://git.kernel.org/stable/c/c36b830754ae1dd1db41c27f57b29267878f9702\n3. https://git.kernel.org/stable/c/c4b7779abc6633677e6edb79e2809f4f61fde157", "creation_timestamp": "2025-05-04T11:19:07.000000Z"}</description>
      <content:encoded>{"uuid": "a7ea6bf5-ef3a-4101-86e3-af1f73c4bb7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58082", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14787", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58082\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nuvoton: Fix an error check in npcm_video_ece_init()\n\nWhen function of_find_device_by_node() fails, it returns NULL instead of\nan error code. So the corresponding error check logic should be modified\nto check whether the return value is NULL and set the error code to be\nreturned as -ENODEV.\n\ud83d\udccf Published: 2025-03-06T16:13:44.896Z\n\ud83d\udccf Modified: 2025-05-04T10:09:39.779Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/bdd823b9d068284e1d998b962cfef29236365df3\n2. https://git.kernel.org/stable/c/c36b830754ae1dd1db41c27f57b29267878f9702\n3. https://git.kernel.org/stable/c/c4b7779abc6633677e6edb79e2809f4f61fde157", "creation_timestamp": "2025-05-04T11:19:07.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a7ea6bf5-ef3a-4101-86e3-af1f73c4bb7d/export</guid>
      <pubDate>Sun, 04 May 2025 11:19:07 +0000</pubDate>
    </item>
    <item>
      <title>50418220-2aaa-44f7-8b22-0ebdd5ebafd9</title>
      <link>https://vulnerability.circl.lu/sighting/50418220-2aaa-44f7-8b22-0ebdd5ebafd9/export</link>
      <description>{"uuid": "50418220-2aaa-44f7-8b22-0ebdd5ebafd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58084", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14786", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58084\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()\n\nCommit 2e4955167ec5 (\"firmware: qcom: scm: Fix __scm and waitq\ncompletion variable initialization\") introduced a write barrier in probe\nfunction to store global '__scm' variable.  We all known barriers are\npaired (see memory-barriers.txt: \"Note that write barriers should\nnormally be paired with read or address-dependency barriers\"), therefore\naccessing it from concurrent contexts requires read barrier.  Previous\ncommit added such barrier in qcom_scm_is_available(), so let's use that\ndirectly.\n\nLack of this read barrier can result in fetching stale '__scm' variable\nvalue, NULL, and dereferencing it.\n\nNote that barrier in qcom_scm_is_available() satisfies here the control\ndependency.\n\ud83d\udccf Published: 2025-03-06T16:22:31.998Z\n\ud83d\udccf Modified: 2025-05-04T10:09:42.783Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/fee921e3c641f64185abee83f9a6e65f0b380682\n2. https://git.kernel.org/stable/c/e03db7c1255ebabba5e1a447754faeb138de15a2\n3. https://git.kernel.org/stable/c/b628510397b5cafa1f5d3e848a28affd1c635302", "creation_timestamp": "2025-05-04T11:19:05.000000Z"}</description>
      <content:encoded>{"uuid": "50418220-2aaa-44f7-8b22-0ebdd5ebafd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58084", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14786", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58084\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()\n\nCommit 2e4955167ec5 (\"firmware: qcom: scm: Fix __scm and waitq\ncompletion variable initialization\") introduced a write barrier in probe\nfunction to store global '__scm' variable.  We all known barriers are\npaired (see memory-barriers.txt: \"Note that write barriers should\nnormally be paired with read or address-dependency barriers\"), therefore\naccessing it from concurrent contexts requires read barrier.  Previous\ncommit added such barrier in qcom_scm_is_available(), so let's use that\ndirectly.\n\nLack of this read barrier can result in fetching stale '__scm' variable\nvalue, NULL, and dereferencing it.\n\nNote that barrier in qcom_scm_is_available() satisfies here the control\ndependency.\n\ud83d\udccf Published: 2025-03-06T16:22:31.998Z\n\ud83d\udccf Modified: 2025-05-04T10:09:42.783Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/fee921e3c641f64185abee83f9a6e65f0b380682\n2. https://git.kernel.org/stable/c/e03db7c1255ebabba5e1a447754faeb138de15a2\n3. https://git.kernel.org/stable/c/b628510397b5cafa1f5d3e848a28affd1c635302", "creation_timestamp": "2025-05-04T11:19:05.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/50418220-2aaa-44f7-8b22-0ebdd5ebafd9/export</guid>
      <pubDate>Sun, 04 May 2025 11:19:05 +0000</pubDate>
    </item>
    <item>
      <title>3661e020-5ffa-4973-abb0-ec42a5712654</title>
      <link>https://vulnerability.circl.lu/sighting/3661e020-5ffa-4973-abb0-ec42a5712654/export</link>
      <description>{"uuid": "3661e020-5ffa-4973-abb0-ec42a5712654", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58085", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14785", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58085\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don't emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.\n\ud83d\udccf Published: 2025-03-06T16:22:32.761Z\n\ud83d\udccf Modified: 2025-05-04T10:09:44.077Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c67efabddc73171c7771d3ffe4ffa1e503ee533e\n2. https://git.kernel.org/stable/c/f6b37b3e12de638753bce79a2858070b9c4a4ad3\n3. https://git.kernel.org/stable/c/b2bd5857a0d6973ebbcb4d9831ddcaebbd257be1\n4. https://git.kernel.org/stable/c/a01c200fa7eb59da4d2dbbb48b61f4a0d196c09f\n5. https://git.kernel.org/stable/c/fe1c021eb03dae0dc9dce55e81f77a60e419a27a\n6. https://git.kernel.org/stable/c/c9382f380e8d09209b8e5c0def0545852168be25\n7. https://git.kernel.org/stable/c/414705c0303350d139b1dc18f329fe47dfb642dd\n8. https://git.kernel.org/stable/c/3df7546fc03b8f004eee0b9e3256369f7d096685", "creation_timestamp": "2025-05-04T11:19:04.000000Z"}</description>
      <content:encoded>{"uuid": "3661e020-5ffa-4973-abb0-ec42a5712654", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58085", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14785", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58085\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don't emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.\n\ud83d\udccf Published: 2025-03-06T16:22:32.761Z\n\ud83d\udccf Modified: 2025-05-04T10:09:44.077Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c67efabddc73171c7771d3ffe4ffa1e503ee533e\n2. https://git.kernel.org/stable/c/f6b37b3e12de638753bce79a2858070b9c4a4ad3\n3. https://git.kernel.org/stable/c/b2bd5857a0d6973ebbcb4d9831ddcaebbd257be1\n4. https://git.kernel.org/stable/c/a01c200fa7eb59da4d2dbbb48b61f4a0d196c09f\n5. https://git.kernel.org/stable/c/fe1c021eb03dae0dc9dce55e81f77a60e419a27a\n6. https://git.kernel.org/stable/c/c9382f380e8d09209b8e5c0def0545852168be25\n7. https://git.kernel.org/stable/c/414705c0303350d139b1dc18f329fe47dfb642dd\n8. https://git.kernel.org/stable/c/3df7546fc03b8f004eee0b9e3256369f7d096685", "creation_timestamp": "2025-05-04T11:19:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3661e020-5ffa-4973-abb0-ec42a5712654/export</guid>
      <pubDate>Sun, 04 May 2025 11:19:04 +0000</pubDate>
    </item>
    <item>
      <title>63808183-224a-48e2-9412-1136be1beb5f</title>
      <link>https://vulnerability.circl.lu/sighting/63808183-224a-48e2-9412-1136be1beb5f/export</link>
      <description>{"uuid": "63808183-224a-48e2-9412-1136be1beb5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58086", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14784", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58086\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-&amp;gt;active_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-&amp;gt;active_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").\n\ud83d\udccf Published: 2025-03-06T16:28:23.042Z\n\ud83d\udccf Modified: 2025-05-04T10:09:45.730Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/22e19c8c5f6b709f4ae40227392a30d57bac187d\n2. https://git.kernel.org/stable/c/95036d4c01167568166108d42c2b0e9f8dbd7d2b\n3. https://git.kernel.org/stable/c/eb0e0eca0eab93f310c6c37b8564049366704691\n4. https://git.kernel.org/stable/c/1c5673a2c8926adbb61f340c779b28e18188a8cd\n5. https://git.kernel.org/stable/c/f8805b12f477bd964e2820a87921c7b58cc2dee3\n6. https://git.kernel.org/stable/c/21f1435b1e6b012a07c42f36b206d2b66fc8f13b", "creation_timestamp": "2025-05-04T11:19:03.000000Z"}</description>
      <content:encoded>{"uuid": "63808183-224a-48e2-9412-1136be1beb5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58086", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14784", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58086\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-&amp;gt;active_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-&amp;gt;active_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").\n\ud83d\udccf Published: 2025-03-06T16:28:23.042Z\n\ud83d\udccf Modified: 2025-05-04T10:09:45.730Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/22e19c8c5f6b709f4ae40227392a30d57bac187d\n2. https://git.kernel.org/stable/c/95036d4c01167568166108d42c2b0e9f8dbd7d2b\n3. https://git.kernel.org/stable/c/eb0e0eca0eab93f310c6c37b8564049366704691\n4. https://git.kernel.org/stable/c/1c5673a2c8926adbb61f340c779b28e18188a8cd\n5. https://git.kernel.org/stable/c/f8805b12f477bd964e2820a87921c7b58cc2dee3\n6. https://git.kernel.org/stable/c/21f1435b1e6b012a07c42f36b206d2b66fc8f13b", "creation_timestamp": "2025-05-04T11:19:03.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/63808183-224a-48e2-9412-1136be1beb5f/export</guid>
      <pubDate>Sun, 04 May 2025 11:19:03 +0000</pubDate>
    </item>
  </channel>
</rss>
