{"vulnerability": "cve-2024-4499", "sightings": [{"uuid": "e5ff23bc-d810-4f63-a34c-ff88a5c2fd97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44990", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "1f057542-c6a8-40b7-9861-c3927769de8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44995", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "3483ddd1-351e-4725-ad0f-5c419f2b5086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44998", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "e13f7a3b-9257-4dd1-b174-1b52940b7a8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44999", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "71465ff6-ca84-4595-8533-e70782054f9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44999", "type": "seen", "source": "https://t.me/cvedetector/4862", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44999 - Linux GTP IPv6 Uninitialized Value Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-44999 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ngtp: pull network headers in gtp_dev_xmit() \n \nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] \n \nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head \nbefore accessing fields in them. \n \nUse pskb_inet_may_pull() to fix this issue. \n \n[1] \nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline] \n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] \n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 \n ipv6_pdp_find drivers/net/gtp.c:220 [inline] \n gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] \n gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 \n __netdev_start_xmit include/linux/netdevice.h:4913 [inline] \n netdev_start_xmit include/linux/netdevice.h:4922 [inline] \n xmit_one net/core/dev.c:3580 [inline] \n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596 \n __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423 \n dev_queue_xmit include/linux/netdevice.h:3105 [inline] \n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 \n packet_snd net/packet/af_packet.c:3145 [inline] \n packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177 \n sock_sendmsg_nosec net/socket.c:730 [inline] \n __sock_sendmsg+0x30f/0x380 net/socket.c:745 \n __sys_sendto+0x685/0x830 net/socket.c:2204 \n __do_sys_sendto net/socket.c:2216 [inline] \n __se_sys_sendto net/socket.c:2212 [inline] \n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 \n x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 \n do_syscall_x64 arch/x86/entry/common.c:52 [inline] \n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 \n entry_SYSCALL_64_after_hwframe+0x77/0x7f \n \nUninit was created at: \n slab_post_alloc_hook mm/slub.c:3994 [inline] \n slab_alloc_node mm/slub.c:4037 [inline] \n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080 \n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583 \n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674 \n alloc_skb include/linux/skbuff.h:1320 [inline] \n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526 \n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815 \n packet_alloc_skb net/packet/af_packet.c:2994 [inline] \n packet_snd net/packet/af_packet.c:3088 [inline] \n packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177 \n sock_sendmsg_nosec net/socket.c:730 [inline] \n __sock_sendmsg+0x30f/0x380 net/socket.c:745 \n __sys_sendto+0x685/0x830 net/socket.c:2204 \n __do_sys_sendto net/socket.c:2216 [inline] \n __se_sys_sendto net/socket.c:2212 [inline] \n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 \n x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 \n do_syscall_x64 arch/x86/entry/common.c:52 [inline] \n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 \n entry_SYSCALL_64_after_hwframe+0x77/0x7f \n \nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0 \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:30.000000Z"}, {"uuid": "a3ce3f42-112d-4409-89ca-3174d384cde9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44992", "type": "seen", "source": "https://t.me/cvedetector/4870", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44992 - Microsoft SMB Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-44992 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nsmb/client: avoid possible NULL dereference in cifs_free_subrequest() \n \nClang static checker (scan-build) warning: \n cifsglob.h:line 890, column 3 \n Access to field 'ops' results in a dereference of a null pointer. \n \nCommit 519be989717c (\"cifs: Add a tracepoint to track credits involved in \nR/W requests\") adds a check for 'rdata->server', and let clang throw this \nwarning about NULL dereference. \n \nWhen 'rdata->credits.value != 0 && rdata->server == NULL' happens, \nadd_credits_and_wake_if() will call rdata->server->ops->add_credits(). \nThis will cause NULL dereference problem. Add a check for 'rdata->server' \nto avoid NULL dereference. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:41.000000Z"}, {"uuid": "2ef24f06-9800-48f4-aefa-3bcc45018d31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44997", "type": "seen", "source": "https://t.me/cvedetector/4855", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44997 - Mediatek Linux Kernel Use-After-Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-44997 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() \n \nWhen there are multiple ap interfaces on one band and with WED on, \nturning the interface down will cause a kernel panic on MT798X. \n \nPreviously, cb_priv was freed in mtk_wed_setup_tc_block() without \nmarking NULL,and mtk_wed_setup_tc_block_cb() didn't check the value, too. \n \nAssign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL \nin mtk_wed_setup_tc_block_cb(). \n \n---------- \nUnable to handle kernel paging request at virtual address 0072460bca32b4f5 \nCall trace: \n mtk_wed_setup_tc_block_cb+0x4/0x38 \n 0xffffffc0794084bc \n tcf_block_playback_offloads+0x70/0x1e8 \n tcf_block_unbind+0x6c/0xc8 \n... \n--------- \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:18.000000Z"}, {"uuid": "df173356-b111-4ea8-9681-a8a58bbad80b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44994", "type": "seen", "source": "https://t.me/cvedetector/4868", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44994 - Linux iommu Arbitrary Code Execution Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-44994 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \niommu: Restore lost return in iommu_report_device_fault() \n \nWhen iommu_report_device_fault gets called with a partial fault it is \nsupposed to collect the fault into the group and then return. \n \nInstead the return was accidently deleted which results in trying to \nprocess the fault and an eventual crash. \n \nDeleting the return was a typo, put it back. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:39.000000Z"}, {"uuid": "3c39e53f-a66b-4bca-bf2c-93daa0240bba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44996", "type": "seen", "source": "https://t.me/cvedetector/4866", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44996 - Linux Kernel vsock BPF Recursion Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-44996 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nvsock: fix recursive ->recvmsg calls \n \nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg \nhas been replaced with vsock_bpf_recvmsg(). Thus the following \nrecursiion could happen: \n \nvsock_bpf_recvmsg() \n -> __vsock_recvmsg() \n -> vsock_connectible_recvmsg() \n -> prot->recvmsg() \n -> vsock_bpf_recvmsg() again \n \nWe need to fix it by calling the original ->recvmsg() without any BPF \nsockmap logic in __vsock_recvmsg(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:37.000000Z"}, {"uuid": "2e8088fa-e04f-48bc-ab8a-33d85113fc5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44991", "type": "seen", "source": "https://t.me/cvedetector/4860", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44991 - Linux Kernel - Net namespace TCP Timewait Socket Deserialization Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-44991 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ntcp: prevent concurrent execution of tcp_sk_exit_batch \n \nIts possible that two threads call tcp_sk_exit_batch() concurrently, \nonce from the cleanup_net workqueue, once from a task that failed to clone \na new netns. In the latter case, error unwinding calls the exit handlers \nin reverse order for the 'failed' netns. \n \ntcp_sk_exit_batch() calls tcp_twsk_purge(). \nProblem is that since commit b099ce2602d8 (\"net: Batch inet_twsk_purge\"), \nthis function picks up twsk in any dying netns, not just the one passed \nin via exit_batch list. \n \nThis means that the error unwind of setup_net() can \"steal\" and destroy \ntimewait sockets belonging to the exiting netns. \n \nThis allows the netns exit worker to proceed to call \n \nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount)); \n \nwithout the expected 1 -> 0 transition, which then splats. \n \nAt same time, error unwind path that is also running inet_twsk_purge() \nwill splat as well: \n \nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 \n... \n refcount_dec include/linux/refcount.h:351 [inline] \n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70 \n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221 \n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304 \n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522 \n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178 \n setup_net+0x714/0xb40 net/core/net_namespace.c:375 \n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508 \n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110 \n \n... because refcount_dec() of tw_refcount unexpectedly dropped to 0. \n \nThis doesn't seem like an actual bug (no tw sockets got lost and I don't \nsee a use-after-free) but as erroneous trigger of debug check. \n \nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge() \nblocks other task from doing final _dec_and_test before mutex-owner has \nremoved all tw sockets of dying netns. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:26.000000Z"}, {"uuid": "b09f1206-cbd9-4468-a7ef-14a9f28c967f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44995", "type": "seen", "source": "https://t.me/cvedetector/4858", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44995 - \"HP NetXtreme HNS3 Linux Driver Deadlock Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-44995 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: hns3: fix a deadlock problem when config TC during resetting \n \nWhen config TC during the reset process, may cause a deadlock, the flow is \nas below: \n pf reset start \n \u2502 \n \u25bc \n ...... \nsetup tc \u2502 \n \u2502 \u25bc \n \u25bc DOWN: napi_disable() \nnapi_disable()(skip) \u2502 \n \u2502 \u2502 \n \u25bc \u25bc \n ...... ...... \n \u2502 \u2502 \n \u25bc \u2502 \nnapi_enable() \u2502 \n \u25bc \n UINIT: netif_napi_del() \n \u2502 \n \u25bc \n ...... \n \u2502 \n \u25bc \n INIT: netif_napi_add() \n \u2502 \n \u25bc \n ...... global reset start \n \u2502 \u2502 \n \u25bc \u25bc \n UP: napi_enable()(skip) ...... \n \u2502 \u2502 \n \u25bc \u25bc \n ...... napi_disable() \n \nIn reset process, the driver will DOWN the port and then UINIT, in this \ncase, the setup tc process will UP the port before UINIT, so cause the \nproblem. Adds a DOWN process in UINIT to fix it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:24.000000Z"}, {"uuid": "736b6cbe-c087-4edf-a7b9-0b0cc1c84521", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44993", "type": "seen", "source": "https://t.me/cvedetector/4857", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44993 - Raspberry Pi 5 UAPI Array Index Out-of-Bounds Vulnerability in Linux drm/v3d\", \n \"Content\": \"CVE ID : CVE-2024-44993 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()` \n \nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning: \n \n[ 387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3 \n[ 387.903868] index 7 is out of range for type '__u32 [7]' \n[ 387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G WC 6.10.3-v8-16k-numa #151 \n[ 387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT) \n[ 387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched] \n[ 387.932525] Call trace: \n[ 387.935296] dump_backtrace+0x170/0x1b8 \n[ 387.939403] show_stack+0x20/0x38 \n[ 387.942907] dump_stack_lvl+0x90/0xd0 \n[ 387.946785] dump_stack+0x18/0x28 \n[ 387.950301] __ubsan_handle_out_of_bounds+0x98/0xd0 \n[ 387.955383] v3d_csd_job_run+0x3a8/0x438 [v3d] \n[ 387.960707] drm_sched_run_job_work+0x520/0x6d0 [gpu_sched] \n[ 387.966862] process_one_work+0x62c/0xb48 \n[ 387.971296] worker_thread+0x468/0x5b0 \n[ 387.975317] kthread+0x1c4/0x1e0 \n[ 387.978818] ret_from_fork+0x10/0x20 \n[ 387.983014] ---[ end trace ]--- \n \nThis happens because the UAPI provides only seven configuration \nregisters and we are reading the eighth position of this u32 array. \n \nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by \naccessing only seven positions on the '__u32 [7]' array. The eighth \nregister exists indeed on V3D 7.1, but it isn't currently used. That \nbeing so, let's guarantee that it remains unused and add a note that it \ncould be set in a future patch. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:23.000000Z"}]}