{"vulnerability": "cve-2024-4993", "sightings": [{"uuid": "c5fe10f9-8f6b-4ab3-9062-66162cb25fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49933", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "353fc702-a4ad-41ea-a6e1-3ad66db29888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49930", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "5d309dc0-2944-4e53-8151-5393ca0d079b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49936", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "765c425c-5cdf-40cd-a4b4-5618dd4a9906", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49938", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "ab665eca-f6dc-43a3-8c53-874f6f11d720", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49935", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mbynkk7rzk2z", "content": "", "creation_timestamp": "2026-01-09T13:55:33.994319Z"}, {"uuid": "50c4921d-a440-4c1b-b22d-61647beb67a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-49937", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "94cab243-42fd-4123-89e2-a54b6f9a58a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-49934", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "8d4328a1-607f-4b27-a8c3-d5e5d2e53934", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49934", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "7a2c6127-e343-4651-ac86-ad3901131f28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49932", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "033aafef-617c-421e-aaca-f768ce5e1a0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49939", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "264efbab-2c2a-48f5-b25d-bd44d897a0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49931", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "06c32c84-e538-4e70-9d9e-b4cd7f3368b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-49932", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "c8d5122e-fdec-4995-ab97-598bcd4bae6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49933", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16654", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-49933\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nblk_iocost: fix more out of bound shifts\n\nRecently running UBSAN caught few out of bound shifts in the\nioc_forgive_debts() function:\n\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38\nshift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long\nlong')\n...\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30\nshift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long\nlong')\n...\nCall Trace:\n\ndump_stack_lvl+0xca/0x130\n__ubsan_handle_shift_out_of_bounds+0x22c/0x280\n? __lock_acquire+0x6441/0x7c10\nioc_timer_fn+0x6cec/0x7750\n? blk_iocost_init+0x720/0x720\n? call_timer_fn+0x5d/0x470\ncall_timer_fn+0xfa/0x470\n? blk_iocost_init+0x720/0x720\n__run_timer_base+0x519/0x700\n...\n\nActual impact of this issue was not identified but I propose to fix the\nundefined behaviour.\nThe proposed fix to prevent those out of bound shifts consist of\nprecalculating exponent before using it the shift operations by taking\nmin value from the actual exponent and maximum possible number of bits.\n\ud83d\udccf Published: 2024-10-21T18:01:55.087Z\n\ud83d\udccf Modified: 2025-05-16T07:25:00.784Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/1f61d509257d6a05763d05bf37943b35306522b1\n2. https://git.kernel.org/stable/c/f4ef9bef023d5c543cb0f3194ecacfd47ef590ec\n3. https://git.kernel.org/stable/c/59121bb38fdc01434ea3fe361ee02b59f036227f\n4. https://git.kernel.org/stable/c/1ab2cfe19700fb3dde4c7dfec392acff34db3120\n5. https://git.kernel.org/stable/c/1b120f151871eb47ce9f283c007af3f8ae1d990e\n6. https://git.kernel.org/stable/c/364022095bdd4108efdaaa68576afa4712a5d085\n7. https://git.kernel.org/stable/c/9bce8005ec0dcb23a58300e8522fe4a31da606fa", "creation_timestamp": "2025-05-16T07:34:08.000000Z"}, {"uuid": "273a801a-657e-483d-86f0-36bc7ea50c95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49936", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16653", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-49936\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet/xen-netback: prevent UAF in xenvif_flush_hash()\n\nDuring the list_for_each_entry_rcu iteration call of xenvif_flush_hash,\nkfree_rcu does not exist inside the rcu read critical section, so if\nkfree_rcu is called when the rcu grace period ends during the iteration,\nUAF occurs when accessing head->next after the entry becomes free.\n\nTherefore, to solve this, you need to change it to list_for_each_entry_safe.\n\ud83d\udccf Published: 2024-10-21T18:01:57.066Z\n\ud83d\udccf Modified: 2025-05-16T07:25:02.313Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/3c4423b0c4b98213b3438e15061e1d08220e6982\n2. https://git.kernel.org/stable/c/a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c\n3. https://git.kernel.org/stable/c/a0465723b8581cad27164c9073fd780904cd22d4\n4. https://git.kernel.org/stable/c/efcff6ce7467f01f0753609f420333f3f2ceceda\n5. https://git.kernel.org/stable/c/143edf098b80669d05245b2f2367dd156a83a2c5\n6. https://git.kernel.org/stable/c/d408889d4b54f5501e4becc4dbbb9065143fbf4e\n7. https://git.kernel.org/stable/c/54d8639af5568fc41c0e274fc3ec9cf86c59fcbb\n8. https://git.kernel.org/stable/c/0fa5e94a1811d68fbffa0725efe6d4ca62c03d12", "creation_timestamp": "2025-05-16T07:34:07.000000Z"}, {"uuid": "45859804-3f33-4f1d-9bad-99d6199af2c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49938", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260511", "content": "", "creation_timestamp": "2026-05-10T18:00:00.000000Z"}]}