{"vulnerability": "cve-2024-4497", "sightings": [{"uuid": "dfbbccf5-762c-44dc-8a54-26ee858a251b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44971", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "db1eaae3-9f24-492b-a5e2-56f8cc11f5ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-44970", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "ad583958-be9c-44a0-8221-31974090845d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44972", "type": "seen", "source": "https://t.me/cvedetector/4831", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44972 - Linux Btrfs RSV Data Leak\", \n \"Content\": \"CVE ID : CVE-2024-44972 \nPublished : Sept. 4, 2024, 7:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbtrfs: do not clear page dirty inside extent_write_locked_range() \n \n[BUG] \nFor subpage + zoned case, the following workload can lead to rsv data \nleak at unmount time: \n \n # mkfs.btrfs -f -s 4k $dev \n # mount $dev $mnt \n # fsstress -w -n 8 -d $mnt -s 1709539240 \n 0/0: fiemap - no filename \n 0/1: copyrange read - no filename \n 0/2: write - no filename \n 0/3: rename - no source filename \n 0/4: creat f0 x:0 0 0 \n 0/4: creat add id=0,parent=-1 \n 0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0 \n 0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1 \n 0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat() \n 0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0 \n # umount $mnt \n \nThe dmesg includes the following rsv leak detection warning (all call \ntrace skipped): \n \n ------------[ cut here ]------------ \n WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs] \n ---[ end trace 0000000000000000 ]--- \n ------------[ cut here ]------------ \n WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs] \n ---[ end trace 0000000000000000 ]--- \n ------------[ cut here ]------------ \n WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs] \n ---[ end trace 0000000000000000 ]--- \n BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6 \n ------------[ cut here ]------------ \n WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs] \n ---[ end trace 0000000000000000 ]--- \n BTRFS info (device sda): space_info DATA has 268218368 free, is not full \n BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0 \n BTRFS info (device sda): global_block_rsv: size 0 reserved 0 \n BTRFS info (device sda): trans_block_rsv: size 0 reserved 0 \n BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0 \n BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0 \n BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0 \n ------------[ cut here ]------------ \n WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs] \n ---[ end trace 0000000000000000 ]--- \n BTRFS info (device sda): space_info METADATA has 267796480 free, is not full \n BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760 \n BTRFS info (device sda): global_block_rsv: size 0 reserved 0 \n BTRFS info (device sda): trans_block_rsv: size 0 reserved 0 \n BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0 \n BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0 \n BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0 \n \nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone \nappend size of 64K, and the system has 64K page size. \n \n[CAUSE] \nI have added several trace_printk() to show the events (header skipped): \n \n > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688 \n > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288 \n > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536 \n > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864 \n \nThe above lines show our buffered write has dirtied 3 pages of inode \n259 of root 5: \n \n 704K 768K 832K 896K \n I |////I/////////////////I///////////| I \n 756K [...]", "creation_timestamp": "2024-09-04T21:56:06.000000Z"}, {"uuid": "337d30d5-4caa-4cdb-a1b6-d0da65701c16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-44972", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "46e37d4f-ae5b-4924-a5d0-f0017d27f304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44973", "type": "seen", "source": "https://t.me/cvedetector/4837", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44973 - Linux Kernel Slab Allocator Buffer Overflow\", \n \"Content\": \"CVE ID : CVE-2024-44973 \nPublished : Sept. 4, 2024, 7:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmm, slub: do not call do_slab_free for kfence object \n \nIn 782f8906f805 the freeing of kfence objects was moved from deep \ninside do_slab_free to the wrapper functions outside. This is a nice \nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk. \n \nThis results in a crash like this: \n \nBUG skbuff_head_cache (Tainted: G S B E ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840 \n \nslab_err (mm/slub.c:1129) \nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036) \nslab_pad_check (mm/slub.c:864 mm/slub.c:1290) \ncheck_slab (mm/slub.c:?) \nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036) \nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635) \nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549) \n \nAll the other callers to do_slab_free appear to be ok. \n \nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T21:56:12.000000Z"}, {"uuid": "3af8c341-c292-4d96-87ff-d947f5b64fe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44970", "type": "seen", "source": "https://t.me/cvedetector/4833", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44970 - \"Linux NetMLX5e List Corruption Use-After-Free\"\", \n \"Content\": \"CVE ID : CVE-2024-44970 \nPublished : Sept. 4, 2024, 7:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink \n \nWhen all the strides in a WQE have been consumed, the WQE is unlinked \nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible \nto receive CQEs with 0 consumed strides for the same WQE even after the \nWQE is fully consumed and unlinked. This triggers an additional unlink \nfor the same wqe which corrupts the linked list. \n \nFix this scenario by accepting 0 sized consumed strides without \nunlinking the WQE again. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T21:56:08.000000Z"}, {"uuid": "53d39877-20c3-4011-83f2-f0dd44b52a1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44971", "type": "seen", "source": "https://t.me/cvedetector/4834", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44971 - \"BCM SF2 Linux Kernel Memory Leak\"\", \n \"Content\": \"CVE ID : CVE-2024-44971 \nPublished : Sept. 4, 2024, 7:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() \n \nbcm_sf2_mdio_register() calls of_phy_find_device() and then \nphy_device_remove() in a loop to remove existing PHY devices. \nof_phy_find_device() eventually calls bus_find_device(), which calls \nget_device() on the returned struct device * to increment the refcount. \nThe current implementation does not decrement the refcount, which causes \nmemory leak. \n \nThis commit adds the missing phy_device_free() call to decrement the \nrefcount via put_device() to balance the refcount. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T21:56:09.000000Z"}]}