{"vulnerability": "cve-2024-4231", "sightings": [{"uuid": "80a836bd-cb1a-465a-9c2c-05bb437aa7cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-42319", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "a14a9709-04a1-4d20-a632-9a63dac9e4d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-42319", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "63880810-3634-417e-bf1b-5bf47f6861be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42314", "type": "seen", "source": "https://t.me/cvedetector/3397", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42314 - Linux Kernel Btrfs Use-After-Free\", \n \"Content\": \"CVE ID : CVE-2024-42314 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbtrfs: fix extent map use-after-free when adding pages to compressed bio \n \nAt add_ra_bio_pages() we are accessing the extent map to calculate \n'add_size' after we dropped our reference on the extent map, resulting \nin a use-after-free. Fix this by computing 'add_size' before dropping our \nextent map reference. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:17:57.000000Z"}, {"uuid": "dd7a630a-26e6-4b08-9011-4ce2263b792f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-42312", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "76afb6f5-a9d1-4601-8d2a-ff631d09e751", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-42316", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "c1a4c352-f3f7-4f73-a931-cf0f0e8c7b29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42311", "type": "seen", "source": "https://t.me/cvedetector/3402", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42311 - Apple HFS Uninitialized Field [] (Note: I'm assuming the product name is \"Apple\" as it seems to be related to the HFS file system, which is used by Apple products.)\", \n \"Content\": \"CVE ID : CVE-2024-42311 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() \n \nSyzbot reports uninitialized value access issue as below: \n \nloop0: detected capacity change from 0 to 64 \n===================================================== \nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 \n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 \n d_revalidate fs/namei.c:862 [inline] \n lookup_fast+0x89e/0x8e0 fs/namei.c:1649 \n walk_component fs/namei.c:2001 [inline] \n link_path_walk+0x817/0x1480 fs/namei.c:2332 \n path_lookupat+0xd9/0x6f0 fs/namei.c:2485 \n filename_lookup+0x22e/0x740 fs/namei.c:2515 \n user_path_at_empty+0x8b/0x390 fs/namei.c:2924 \n user_path_at include/linux/namei.h:57 [inline] \n do_mount fs/namespace.c:3689 [inline] \n __do_sys_mount fs/namespace.c:3898 [inline] \n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875 \n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875 \n do_syscall_x64 arch/x86/entry/common.c:52 [inline] \n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 \n entry_SYSCALL_64_after_hwframe+0x63/0x6b \n \nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline] \nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 \n hfs_ext_read_extent fs/hfs/extent.c:196 [inline] \n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 \n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271 \n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39 \n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426 \n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553 \n do_read_cache_page mm/filemap.c:3595 [inline] \n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604 \n read_mapping_page include/linux/pagemap.h:755 [inline] \n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78 \n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204 \n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406 \n mount_bdev+0x628/0x920 fs/super.c:1359 \n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456 \n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610 \n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489 \n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145 \n path_mount+0xf98/0x26a0 fs/namespace.c:3475 \n do_mount fs/namespace.c:3488 [inline] \n __do_sys_mount fs/namespace.c:3697 [inline] \n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674 \n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674 \n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] \n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 \n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 \n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 \n entry_SYSENTER_compat_after_hwframe+0x70/0x82 \n \nUninit was created at: \n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590 \n __alloc_pages_node include/linux/gfp.h:238 [inline] \n alloc_pages_node include/linux/gfp.h:261 [inline] \n alloc_slab_page mm/slub.c:2190 [inline] \n allocate_slab mm/slub.c:2354 [inline] \n new_slab+0x2d7/0x1400 mm/slub.c:2407 \n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540 \n __slab_alloc mm/slub.c:3625 [inline] \n __slab_alloc_node mm/slub.c:3678 [inline] \n slab_alloc_node mm/slub.c:3850 [inline] \n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879 \n alloc_inode_sb include/linux/fs.h:3018 [inline] \n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165 \n alloc_inode+0x83/0x440 fs/inode.c:260 \n new_inode_pseudo fs/inode.c:1005 [inline] \n new_inode+0x38/0x4f0 fs/inode.c:1031 \n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186 \n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228 \n vfs_mkdir+0x49a/0x700 fs/namei.c:4126 \n do_mkdirat+0x529/0x810 fs/namei.c:4149 \n __do_sys_mkdirat fs/namei.c:4164 [inline] \n __se_sys_mkdirat fs/namei.c:4162 [inline] \n __x64_sys_mkd[...]", "creation_timestamp": "2024-08-17T12:18:05.000000Z"}, {"uuid": "1aaf0f18-594e-480e-b6ee-2a755a287e08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42317", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/3400", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42317 - ARM64 Linux kernel Huge Memory xarray Page Cache Size Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-42317 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmm/huge_memory: avoid PMD-size page cache if needed \n \nxarray can't support arbitrary page cache size. the largest and supported \npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71 \n(\"mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray\"). However, \nit's possible to have 512MB page cache in the huge memory's collapsing \npath on ARM64 system whose base page size is 64KB. 512MB page cache is \nbreaking the limitation and a warning is raised when the xarray entry is \nsplit as shown in the following example. \n \n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize \nKernelPageSize: 64 kB \n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c \n : \nint main(int argc, char **argv) \n{ \n const char *filename = TEST_XFS_FILENAME; \n int fd = 0; \n void *buf = (void *)-1, *p; \n int pgsize = getpagesize(); \n int ret = 0; \n \n if (pgsize != 0x10000) { \n fprintf(stdout, \"System with 64KB base page size is required!\\n\"); \n return -EPERM; \n } \n \n system(\"echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb\"); \n system(\"echo 1 > /proc/sys/vm/drop_caches\"); \n \n /* Open the xfs file */ \n fd = open(filename, O_RDONLY); \n assert(fd > 0); \n \n /* Create VMA */ \n buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0); \n assert(buf != (void *)-1); \n fprintf(stdout, \"mapped buffer at 0x%p\\n\", buf); \n \n /* Populate VMA */ \n ret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE); \n assert(ret == 0); \n ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ); \n assert(ret == 0); \n \n /* Collapse VMA */ \n ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); \n assert(ret == 0); \n ret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE); \n if (ret) { \n fprintf(stdout, \"Error %d to madvise(MADV_COLLAPSE)\\n\", errno); \n goto out; \n } \n \n /* Split xarray entry. Write permission is needed */ \n munmap(buf, TEST_MEM_SIZE); \n buf = (void *)-1; \n close(fd); \n fd = open(filename, O_RDWR); \n assert(fd > 0); \n fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, \n TEST_MEM_SIZE - pgsize, pgsize); \nout: \n if (buf != (void *)-1) \n munmap(buf, TEST_MEM_SIZE); \n if (fd > 0) \n close(fd); \n \n return ret; \n} \n \n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test \n[root@dhcp-10-26-1-207 ~]# /tmp/test \n ------------[ cut here ]------------ \n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 \n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \\ \n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \\ \n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \\ \n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \\ \n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \\ \n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio \n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9 \n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 \n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) \n pc : xas_split_alloc+0xf8/0x128 \n lr : split_huge_page_to_list_to_order+0x1c4/0x780 \n sp : ffff8000ac32f660 \n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0 \n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d \n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000 \n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000 \n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000 \n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 \n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c \n x8 : 0000000000000003 x7 : 0000000000000000 x6 [...]", "creation_timestamp": "2024-08-17T12:18:03.000000Z"}, {"uuid": "4dc3f953-9776-46c6-be72-31e95172fd50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42312", "type": "seen", "source": "https://t.me/cvedetector/3399", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42312 - Linux Kernel sysctl i_uid/i_gid Information Disclosure\", \n \"Content\": \"CVE ID : CVE-2024-42312 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nsysctl: always initialize i_uid/i_gid \n \nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership() \ncan safely skip setting them. \n \nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of \ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when \nset_ownership() was not implemented. It also missed adjusting \nnet_ctl_set_ownership() to use the same default values in case the \ncomputation of a better value failed. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:18:02.000000Z"}, {"uuid": "90bf469b-3c87-4898-919a-4ef7e352233f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42318", "type": "seen", "source": "https://t.me/cvedetector/3398", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42318 - Linux Landlock Credential Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-42318 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nlandlock: Don't lose track of restrictions on cred_transfer \n \nWhen a process' cred struct is replaced, this _almost_ always invokes \nthe cred_prepare LSM hook; but in one special case (when \nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the \ncred_transfer LSM hook is used instead. Landlock only implements the \ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes \nall information on Landlock restrictions to be lost. \n \nThis basically means that a process with the ability to use the fork() \nand keyctl() syscalls can get rid of all Landlock restrictions on \nitself. \n \nFix it by adding a cred_transfer hook that does the same thing as the \nexisting cred_prepare hook. (Implemented by having hook_cred_prepare() \ncall hook_cred_transfer() so that the two functions are less likely to \naccidentally diverge in the future.) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:18:01.000000Z"}, {"uuid": "f841699d-b9ac-4963-9a06-aede3bedf940", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42319", "type": "seen", "source": "https://t.me/cvedetector/3396", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42319 - \"Linux Kernel MTK-CMDQ Mailbox Controller Privilege Escalation\"\", \n \"Content\": \"CVE ID : CVE-2024-42319 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() \n \nWhen mtk-cmdq unbinds, a WARN_ON message with condition \npm_runtime_get_sync() Severity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:17:56.000000Z"}, {"uuid": "4efc209c-b72d-466d-a5ec-c34a3f69ed9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42316", "type": "seen", "source": "https://t.me/cvedetector/3395", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42316 - Linux Kernel Zero-Division Vulnerability in VMware Memory Management\", \n \"Content\": \"CVE ID : CVE-2024-42316 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmm/mglru: fix div-by-zero in vmpressure_calc_level() \n \nevict_folios() uses a second pass to reclaim folios that have gone through \npage writeback and become clean before it finishes the first pass, since \nfolio_rotate_reclaimable() cannot handle those folios due to the \nisolation. \n \nThe second pass tries to avoid potential double counting by deducting \nscan_control->nr_scanned. However, this can result in underflow of \nnr_scanned, under a condition where shrink_folio_list() does not increment \nnr_scanned, i.e., when folio_trylock() fails. \n \nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in \nvmpressure_calc_level(), to become zero, resulting in the following crash: \n \n [exception RIP: vmpressure_work_fn+101] \n process_one_work at ffffffffa3313f2b \n \nSince scan_control->nr_scanned has no established semantics, the potential \ndouble counting has minimal risks. Therefore, fix the problem by not \ndeducting scan_control->nr_scanned in evict_folios(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:17:55.000000Z"}, {"uuid": "8efa1f90-4a36-4cff-b970-7c6cab6a4910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42313", "type": "seen", "source": "https://t.me/cvedetector/3392", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42313 - Qualcomm Venus Linux Kernel Use After Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-42313 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmedia: venus: fix use after free in vdec_close \n \nThere appears to be a possible use after free with vdec_close(). \nThe firmware will add buffer release work to the work queue through \nHFI callbacks as a normal part of decoding. Randomly closing the \ndecoder device from userspace during normal decoding can incur \na read after free for inst. \n \nFix it by cancelling the work in vdec_close. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:17:52.000000Z"}, {"uuid": "1b0ee538-a270-4775-8135-a368261211b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42310", "type": "seen", "source": "https://t.me/cvedetector/3391", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42310 - Linux Kernel Drupal/Intel Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-42310 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes \n \nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() \nis assigned to mode, which will lead to a NULL pointer dereference on \nfailure of drm_mode_duplicate(). Add a check to avoid npd. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:17:51.000000Z"}, {"uuid": "b1900313-26b9-41bf-b071-387e4a2b6f9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42315", "type": "seen", "source": "https://t.me/cvedetector/3389", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42315 - \"Exfat Linux Kernel Deadlock in __exfat_get_dentry_set\"\", \n \"Content\": \"CVE ID : CVE-2024-42315 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nexfat: fix potential deadlock on __exfat_get_dentry_set \n \nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array \nis allocated in __exfat_get_entry_set. The problem is that the bh-array is \nallocated with GFP_KERNEL. It does not make sense. In the following cases, \na deadlock for sbi->s_lock between the two processes may occur. \n \n CPU0 CPU1 \n ---- ---- \n kswapd \n balance_pgdat \n lock(fs_reclaim) \n exfat_iterate \n lock(&sbi->s_lock) \n exfat_readdir \n exfat_get_uniname_from_ext_entry \n exfat_get_dentry_set \n __exfat_get_dentry_set \n kmalloc_array \n ... \n lock(fs_reclaim) \n ... \n evict \n exfat_evict_inode \n lock(&sbi->s_lock) \n \nTo fix this, let's allocate bh-array with GFP_NOFS. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:17:49.000000Z"}]}