{"vulnerability": "cve-2024-5386", "sightings": [{"uuid": "cffd7a18-3529-4d96-83d4-fc2557ac2233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53863", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113589978642754398", "content": "", "creation_timestamp": "2024-12-03T17:05:24.347908Z"}, {"uuid": "bed5bb43-6aba-4e3d-9a01-4918ef9494c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53860", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113557116159617169", "content": "", "creation_timestamp": "2024-11-27T21:48:02.519293Z"}, {"uuid": "93383541-8665-45b5-9e2f-cff9a0a7bf99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53866", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113629669818413679", "content": "", "creation_timestamp": "2024-12-10T17:20:06.603483Z"}, {"uuid": "fba6fe94-cf3f-41d0-bfd2-80a11091a7ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53869", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgrlt53hxd2f", "content": "", "creation_timestamp": "2025-01-28T04:15:42.169107Z"}, {"uuid": "838819d1-d1e7-480d-b673-148ea3be8684", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53868", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llvrfdj26t2k", "content": "", "creation_timestamp": "2025-04-03T11:12:03.540340Z"}, {"uuid": "4b44bf03-a104-48de-a3f6-a0305fcdbad5", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53869", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113904039606967230", "content": "", "creation_timestamp": "2025-01-28T04:15:14.459431Z"}, {"uuid": "8c9ace5a-83af-4856-a6d2-9df068db2128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53868", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114274182812119084", "content": "", "creation_timestamp": "2025-04-03T13:07:31.335879Z"}, {"uuid": "bc442279-925e-4c26-b410-ac3fe8e48d3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53868", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114274182812119084", "content": "", "creation_timestamp": "2025-04-03T13:07:31.349464Z"}, {"uuid": "cb5bd227-e65f-45ed-be18-b00770b0bea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53866", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-18T16:44:36.000000Z"}, {"uuid": "f4fd86ff-371a-4e19-8604-cf04095e1be7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53868", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3llxk63jb6x2o", "content": "", "creation_timestamp": "2025-04-04T04:07:59.448607Z"}, {"uuid": "8dee716b-b086-4e52-91ed-d5324487c44f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53868", "type": "seen", "source": 
"https://bsky.app/profile/andranglin.bsky.social/post/3llxyq3xkwk2s", "content": "", "creation_timestamp": "2025-04-04T08:28:39.644016Z"}, {"uuid": "899d34ea-2371-47a0-9588-acd7d96a2d64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53866", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-16T23:16:38.000000Z"}, {"uuid": "00141a3f-c243-4508-b9db-ae9a0eabbef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53862", "type": "seen", "source": "https://gist.github.com/macaugh/b8005d8904708d5d7d7eb2ad08aa0ef9", "content": "", "creation_timestamp": "2026-04-22T05:30:28.000000Z"}, {"uuid": "ff7538c9-1a66-4d98-b0af-e04508484262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53869", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3234", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-53869\n\ud83d\udd25 CVSS Score: 5.4 (CVSS_V3)\n\ud83d\udd39 Description: NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure.\n\ud83d\udccf Published: 2025-01-28T06:30:40Z\n\ud83d\udccf Modified: 2025-01-28T06:30:40Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-53869\n2. 
https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "creation_timestamp": "2025-01-28T07:08:40.000000Z"}, {"uuid": "64d3f514-e062-41f6-9537-a139c7a6c217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53869", "type": "seen", "source": "https://t.me/itsec_news/5259", "content": "\u200b\u26a1\ufe0f\u0423\u0442\u0435\u0447\u043a\u0438 \u0438 \u0441\u0431\u043e\u0438: NVIDIA \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\ud83d\udcac NVIDIA \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 GPU, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0435\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0434\u043b\u044f Windows \u0438 Linux. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043e\u0448\u0438\u0431\u043e\u043a \u043c\u043e\u0433\u043b\u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445, \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u0444\u0430\u0439\u043b\u0430\u043c. 
\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u0432\u0438\u0434\u0435\u043e\u043a\u0430\u0440\u0442 NVIDIA \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u0447\u0442\u043e\u0431\u044b \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0440\u0438\u0441\u043a\u0438.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u043a\u0430\u043a CVE-2024-0150 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 7.1), \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u043e\u0439 \u0441 \u043f\u0430\u043c\u044f\u0442\u044c\u044e \u2014 \u0434\u0430\u043d\u043d\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c\u0441\u044f \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 
\u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u2014 CVE-2024-0147 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 5.5) \u2014 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (Use-After-Free, UAF). \u041f\u043e\u0434\u043e\u0431\u043d\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u0441\u043f\u0440\u043e\u0432\u043e\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0431\u043e\u0438 \u0432 \u0440\u0430\u0431\u043e\u0442\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438\u043b\u0438 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435, \u0447\u0442\u043e \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u0441 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430\u043c\u0438.\n\n\u0412 Linux-\u0432\u0435\u0440\u0441\u0438\u0438 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 \u0431\u044b\u043b\u0430 \u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-53869 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 5.5), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043c\u043e\u0434\u0443\u043b\u0435\u043c Unified Memory. 
\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0435\u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u043b\u043e \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-0131 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 4.4), \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u043a\u0430\u043a \u0432 Windows-, \u0442\u0430\u043a \u0438 \u0432 Linux-\u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430\u0445, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0447\u0442\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0434\u043b\u0438\u043d\u043e\u0439, \u0447\u0442\u043e \u043c\u043e\u0433\u043b\u043e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438. 
\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0441\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0448\u0438\u0431\u043a\u0438, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f, \u0447\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c.\n\n\u0422\u0430\u043a\u0436\u0435 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 \u0434\u043b\u044f Linux \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-0149(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 3.3), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0444\u0430\u0439\u043b\u0430\u043c.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 NVIDIA vGPU: \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438\n\n\u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u044b \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 NVIDIA vGPU, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c \u0432 
\u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445. \u041e\u0434\u043d\u043e\u0439 \u0438\u0437 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0441\u0442\u0430\u043b\u0430 CVE-2024-0146 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 7.8), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u0432 Virtual GPU Manager, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0445\u0430\u043a\u0435\u0440\u0443 \u0438\u0437 \u0433\u043e\u0441\u0442\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0430 \u0445\u043e\u0441\u0442\u0435, \u0447\u0442\u043e \u043c\u043e\u0433\u043b\u043e \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, \u0443\u0442\u0435\u0447\u043a\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044e \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0414\u0440\u0443\u0433\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u0441\u0442\u0430\u043b\u0430 CVE-2024-53881 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 5.5), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u043c \u0445\u043e\u0441\u0442\u0430 NVIDIA vGPU. 
\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0433\u043e\u0441\u0442\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0432\u043e\u043b\u043d\u0443 \u043f\u0440\u0435\u0440\u044b\u0432\u0430\u043d\u0438\u0439 \u043d\u0430 \u0445\u043e\u0441\u0442\u0435, \u043f\u0435\u0440\u0435\u0433\u0440\u0443\u0436\u0430\u044f \u0435\u0433\u043e \u0438 \u0432\u044b\u0437\u044b\u0432\u0430\u044f \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438. \u0425\u043e\u0442\u044f \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0441\u0440\u0435\u0434\u043d\u0435\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0440\u0435\u0434 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f\u043c.\n\n\u041a\u0430\u043a\u0438\u0435 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0434\u043b\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0432\u0435\u0442\u043e\u043a \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 NVIDIA, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 Windows \u0438 Linux. 
\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438:\n\nWindows: \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0432\u0435\u0440\u0441\u0438\u0438 R535, R550, R560 \u0438 R565;\nLinux: \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0438 \u0432\u0435\u0442\u043a\u0438 R535 \u0438 R550.\n\u0421\u0440\u0435\u0434\u0438 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432, \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f:\nNVIDIA RTX, Quadro, NVS (Windows): \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 553.62 (R550) \u0438 539.19 (R535);\nTesla (Windows): \u0442\u0435 \u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432, \u0447\u0442\u043e \u0438 \u0434\u043b\u044f Quadro;\nGeForce (Linux): \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 550.144.03 (R550) \u0438 535.230.02 (R535).\n\n\u0414\u043b\u044f vGPU \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0447\u0435\u0440\u0435\u0437 NVIDIA Licensing Portal, \u043f\u0440\u0438\u0447\u0435\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0430\u0441\u0430\u044e\u0442\u0441\u044f \u0433\u043e\u0441\u0442\u0435\u0432\u044b\u0445 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432, \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e GPU Manager \u0438 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 \u0445\u043e\u0441\u0442\u0430.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b 
\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b NVIDIA, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0442\u0435\u043c, \u043a\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u0438\u043b\u0438 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u044b \u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0445 \u0432\u044b\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u044f\u0445. \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0443\u0442\u0435\u0447\u043a\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0441\u0431\u043e\u0435\u0432 \u0434\u0435\u043b\u0430\u0435\u0442 \u0438\u0445 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u043f\u0430\u0441\u043d\u044b\u043c\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-01-29T13:05:09.000000Z"}, {"uuid": "def768d0-cb05-4897-8bc4-b81011863f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53868", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10193", "content": "\ud83d\udd17 
DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-53868\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Apache Traffic Server allows request smuggling if chunked messages are malformed.\u00a0\n\n\n\n\n\nThis issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4.\n\nUsers are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.\n\ud83d\udccf Published: 2025-04-03T08:59:02.557Z\n\ud83d\udccf Modified: 2025-04-03T09:03:43.467Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9", "creation_timestamp": "2025-04-03T09:34:54.000000Z"}, {"uuid": "64510044-5049-4f9c-8d19-488c7fe82bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53868", "type": "seen", "source": "https://t.me/cvedetector/21969", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53868 - Apache Traffic Server Chunked Request Smuggling Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53868 \nPublished : April 3, 2025, 9:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : Apache Traffic Server allows request smuggling if chunked messages are malformed.\u00a0  \n  \n  \n  \n  \n  \nThis issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4.  \n  \nUsers are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T13:33:50.000000Z"}, {"uuid": "cb82443b-4644-4670-ba4a-9e224faa7581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53869", "type": "seen", "source": "https://t.me/cvedetector/16570", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53869 - \"NVIDIA Unified Memory Linux Uninitialized Memory Information Disclosure\"\", \n  \"Content\": \"CVE ID : CVE-2024-53869 \nPublished : Jan. 28, 2025, 4:15 a.m. | 54\u00a0minutes ago \nDescription : NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. 
\nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T06:15:06.000000Z"}, {"uuid": "5d0e3d70-691a-4770-9037-333a1570537f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53868", "type": "seen", "source": "https://t.me/CyberBulletin/2902", "content": "\u26a1Apache Traffic Server Hit by Request Smuggling Vulnerability (CVE-2024-53868).\n\n#CyberBulletin", "creation_timestamp": "2025-04-04T14:48:44.000000Z"}, {"uuid": "f3c4ced3-4633-466d-99c0-15c6c262b08d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53863", "type": "seen", "source": "https://t.me/cvedetector/11905", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53863 - Synapse is an open-source Matrix homeserver. In Sy\", \n  \"Content\": \"CVE ID : CVE-2024-53863 \nPublished : Dec. 3, 2024, 5:15 p.m. | 2\u00a0hours ago \nDescription : Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem. Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP. This vulnerability is fixed in 1.120.1. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T20:40:51.000000Z"}, {"uuid": "f0dbbf79-9c74-431d-8258-a5b6abacbed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53866", "type": "seen", "source": "https://t.me/cvedetector/12529", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53866 - PNPM Package Manager Arbitrary Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53866 \nPublished : Dec. 10, 2024, 6:15 p.m. | 34\u00a0minutes ago \nDescription : The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data (including on first lockfile generation). This can make workspace A (even running with `ignore-scripts=true`) poison global cache and execute scripts in workspace B. Users generally expect `ignore-scripts` to be sufficient to prevent immediate code execution on install (e.g. when the tree is just repacked/bundled without executing it). Here, that expectation is broken. Global state integrity is lost via operations that one would expect to be secure, enabling subsequently running arbitrary code execution on installs. Version 9.15.0 fixes the issue. As a work-around, use separate cache and store dirs in each workspace. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T19:59:09.000000Z"}, {"uuid": "9b6d14d9-5205-4040-8c95-386f65aff947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53862", "type": "seen", "source": "https://t.me/cvedetector/11797", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53862 - Argo Workflows Token Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53862 \nPublished : Dec. 2, 2024, 4:15 p.m. | 33\u00a0minutes ago \nDescription : Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}` or when using `--auth-mode=sso`, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}`. No authentication is performed by the Server itself on `client` tokens. Authentication & authorization is instead delegated to the k8s API server. However, the Workflow Archive does not interact with k8s, and so any token that looks valid will be considered authenticated, even if it is not a k8s token or even if the token has no RBAC for Argo. To handle the lack of pass-through k8s authN/authZ, the Workflow Archive specifically does the equivalent of a `kubectl auth can-i` check for respective methods. In 3.5.7 and 3.5.8, the auth check was accidentally removed on the GET Workflow endpoint's fallback to archived workflows on these lines, allowing archived workflows to be retrieved with a fake token. 
This vulnerability is fixed in 3.6.2 and 3.5.13. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-02T17:55:27.000000Z"}, {"uuid": "3d1f72f2-c49d-48c3-97e5-9a8c77690ca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53867", "type": "seen", "source": "https://t.me/cvedetector/11903", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53867 - Synapse Sliding Sync Room State Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53867 \nPublished : Dec. 3, 2024, 5:15 p.m. | 2\u00a0hours ago \nDescription : Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T20:40:50.000000Z"}, {"uuid": "9037a6fc-6848-4833-8434-0e8b7e27e055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-53866", "type": "published-proof-of-concept", "source": "https://github.com/pnpm/pnpm/security/advisories/GHSA-vm32-9rqf-rh3r", "content": "", "creation_timestamp": "2024-12-10T16:19:48.000000Z"}]}