{"vulnerability": "cve-2024-5667", "sightings": [{"uuid": "7fc95d82-0562-4ecf-9994-68d0fda14662", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56671", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lecc2w675f2i", "content": "", "creation_timestamp": "2024-12-27T15:20:58.735530Z"}, {"uuid": "b436f25d-a5d8-4c5a-9352-ccf2fae7fe05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56672", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lecc2z3o352f", "content": "", "creation_timestamp": "2024-12-27T15:21:01.766668Z"}, {"uuid": "be35e9f1-89b8-4710-b415-d7d8dd7ca476", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56670", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lecc2u3s7w22", "content": "", "creation_timestamp": "2024-12-27T15:20:56.530181Z"}, {"uuid": "cd645b54-c574-4184-9d82-fc6bd47690c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56673", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lecc33vgwu2c", "content": "", "creation_timestamp": "2024-12-27T15:21:04.824564Z"}, {"uuid": "d41dc408-7d9b-4645-b8af-a0671e0ebe66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56674", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lecc364blr25", "content": "", "creation_timestamp": "2024-12-27T15:21:07.248093Z"}, {"uuid": "1899260f-af4f-451f-8cc7-77b37a9aca42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56675", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lecc3ac6zn2f", "content": "", "creation_timestamp": "2024-12-27T15:21:10.364160Z"}, {"uuid": "0e5754ee-f4ef-4de3-8203-8dd0d650a1c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56676", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113729823514125927", "content": "", "creation_timestamp": "2024-12-28T09:49:47.700595Z"}, {"uuid": "e655d332-727a-4b77-a61d-31e69e0e781f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56677", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113729823529369595", "content": "", "creation_timestamp": "2024-12-28T09:49:48.091137Z"}, {"uuid": "d39d89cd-2780-4d80-88a4-c238b4793378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56679", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113729823558373986", "content": "", "creation_timestamp": "2024-12-28T09:49:48.451531Z"}, {"uuid": "9a1b7ea9-dee2-4df5-a15f-000cce4efd8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56678", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113729823543836985", "content": "", "creation_timestamp": "2024-12-28T09:49:48.733462Z"}, {"uuid": "77af73fc-79f6-4146-b012-d6a93706c561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56676", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113729837338010451", "content": "", "creation_timestamp": "2024-12-28T09:53:18.577079Z"}, {"uuid": "66522779-d0ad-4060-90c5-a4c12d79d402", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56677", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113729837353563403", "content": "", "creation_timestamp": "2024-12-28T09:53:18.840692Z"}, {"uuid": "740a91d8-32bc-4115-98eb-0115516ef3c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56678", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113729837368454514", "content": "", "creation_timestamp": "2024-12-28T09:53:19.198618Z"}, {"uuid": "c3e1b515-a296-4a9a-b3d3-76deacdbe3fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56679", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113729837382871478", "content": "", "creation_timestamp": "2024-12-28T09:53:19.330084Z"}, {"uuid": "7669d703-6a11-4e29-b861-80ea9acc1931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56676", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebhsosz22l", "content": "", "creation_timestamp": "2024-12-28T10:15:25.254359Z"}, {"uuid": "b826e2dd-5f03-4a43-b209-954f5c31470a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56677", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebhusbzk2i", "content": "", "creation_timestamp": "2024-12-28T10:15:27.280813Z"}, {"uuid": "68bf062c-7839-49e9-b420-c0683dde1782", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56678", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebhwylu422", "content": "", "creation_timestamp": "2024-12-28T10:15:29.449874Z"}, {"uuid": "9416eaf6-8726-46ce-96f4-7eb5446638f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56679", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leebhzqw722i", "content": "", "creation_timestamp": "2024-12-28T10:15:32.493176Z"}, {"uuid": "dff8c977-6ccc-4d4e-b971-38006ce8614a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5667", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6527", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-5667\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-05T09:21:46.075Z\n\ud83d\udccf Modified: 2025-03-05T09:21:46.075Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/44b173da-a6b9-424c-95a1-a87a9b8ee4af?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3137531/responsive-lightbox\n3. https://plugins.trac.wordpress.org/browser/wp-featherlight/trunk/js/wpFeatherlight.pkgd.js", "creation_timestamp": "2025-03-05T09:36:05.000000Z"}, {"uuid": "2e02519f-e9d1-4e77-a355-52a5cfc2dd28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56670", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "a14bd028-ebd8-4fb4-922e-5986ef7dd5eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56672", "type": "seen", "source": "https://gist.github.com/webmutation/894dd1a9a17615b7469198bb18bc3a16", "content": "", "creation_timestamp": "2025-04-12T00:10:16.000000Z"}, {"uuid": "ecdf3962-a90b-4561-8dbb-901ee8077426", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-56674", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "e7f5dbb2-8dd7-428f-9900-c4189138bf9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-56671", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "75bde21b-55c4-4ca7-be00-0ab43de33fed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-56677", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "55df9197-b629-4fb8-bc6a-4841f2a6da7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56675", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/168", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-ppp3-73jm-5rm6\n\ud83d\udd17 Aliases: CVE-2024-56675\n\ud83d\udd39 Details: In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors\n\nUprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU\nprotection. But it is possible to attach a non-sleepable BPF program to a\nuprobe, and non-sleepable BPF programs are freed via normal RCU (see\n__bpf_prog_put_noref()). This leads to UAF of the bpf_prog because a normal\nRCU grace period does not imply a tasks-trace-RCU grace period.\n\nFix it by explicitly waiting for a tasks-trace-RCU grace period after\nremoving the attachment of a bpf_prog to a perf_event.\n\ud83d\udd22 Severity: CVSS_V3: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\n\ud83d\uddd3\ufe0f Modified: 2025-01-06T15:30:59Z\n\ud83d\uddd3\ufe0f Published: 2024-12-27T15:31:56Z\n\ud83c\udff7\ufe0f CWE IDs: CWE-416\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-5665\n2. https://git.kernel.org/stable/c/9245459a992d22fe0e92e988f49db1fec82c184a\n3. https://git.kernel.org/stable/c/9b53d2c2a38a1effc341d99be3f99faef104d\n4. https://git.kernel.org/stable/c/ef1b808e3bc98612feceedf985c2fbbeb28f956\n5. https://git.kernel.org/stable/c/f9f85df30118f3f411261e6682fc60ebcce23e5", "creation_timestamp": "2025-01-06T15:37:11.000000Z"}, {"uuid": "4e786067-ca44-468a-a030-807fc5d2d504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56673", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/170", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-58c3-gqj2-fvq8\n\ud83d\udd17 Aliases: CVE-2024-56673\n\ud83d\udd39 Details: In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: mm: Do not call pmd dtor on vmemmap page table teardown\n\nThe vmemmap's, which is used for RV64 with SPARSEMEM_VMEMMAP, page\ntables are populated using pmd (page middle directory) hugetables.\nHowever, the pmd allocation is not using the generic mechanism used by\nthe VMA code (e.g. pmd_alloc()), or the RISC-V specific\ncreate_pgd_mapping()/alloc_pmd_late(). Instead, the vmemmap page table\ncode allocates a page, and calls vmemmap_set_pmd(). This results in\nthat the pmd ctor is *not* called, nor would it make sense to do so.\n\nNow, when tearing down a vmemmap page table pmd, the cleanup code\nwould unconditionally, and incorrectly call the pmd dtor, which\nresults in a crash (best case).\n\nThis issue was found when running the HMM selftests:\n\n | tools/testing/selftests/mm# ./test_hmm.sh smoke\n | ... # when unloading the test_hmm.ko module\n | page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10915b\n | flags: 0x1000000000000000(node=0|zone=1)\n | raw: 1000000000000000 0000000000000000 dead000000000122 0000000000000000\n | raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\n | page dumped because: VM_BUG_ON_PAGE(ptdesc->pmd_huge_pte)\n | ------------[ cut here ]------------\n | kernel BUG at include/linux/mm.h:3080!\n | Kernel BUG [#1]\n | Modules linked in: test_hmm(-) sch_fq_codel fuse drm drm_panel_orientation_quirks backlight dm_mod\n | CPU: 1 UID: 0 PID: 514 Comm: modprobe Tainted: G W 6.12.0-00982-gf2a4f1682d07 #2\n | Tainted: [W]=WARN\n | Hardware name: riscv-virtio qemu/qemu, BIOS 2024.10 10/01/2024\n | epc : remove_pgd_mapping+0xbec/0x1070\n | ra : remove_pgd_mapping+0xbec/0x1070\n | epc : ffffffff80010a68 ra : ffffffff80010a68 sp : ff20000000a73940\n | gp : ffffffff827b2d88 tp : ff6000008785da40 t0 : ffffffff80fbce04\n | t1 : 0720072007200720 t2 : 706d756420656761 s0 : ff20000000a73a50\n | s1 : ff6000008915cff8 a0 : 0000000000000039 a1 : 0000000000000008\n | a2 : ff600003fff0de20 a3 : 0000000000000000 a4 : 0000000000000000\n | a5 : 0000000000000000 a6 : c0000000ffffefff a7 : ffffffff824469b8\n | s2 : ff1c0000022456c0 s3 : ff1ffffffdbfffff s4 : ff6000008915c000\n | s5 : ff6000008915c000 s6 : ff6000008915c000 s7 : ff1ffffffdc00000\n | s8 : 0000000000000001 s9 : ff1ffffffdc00000 s10: ffffffff819a31f0\n | s11: ffffffffffffffff t3 : ffffffff8000c950 t4 : ff60000080244f00\n | t5 : ff60000080244000 t6 : ff20000000a73708\n | status: 0000000200000120 badaddr: ffffffff80010a68 cause: 0000000000000003\n | [] remove_pgd_mapping+0xbec/0x1070\n | [] vmemmap_free+0x14/0x1e\n | [] section_deactivate+0x220/0x452\n | [] sparse_remove_section+0x4a/0x58\n | [] __remove_pages+0x7e/0xba\n | [] memunmap_pages+0x2bc/0x3fe\n | [] dmirror_device_remove_chunks+0x2ea/0x518 [test_hmm]\n | [] hmm_dmirror_exit+0x3e/0x1018 [test_hmm]\n | [] __riscv_sys_delete_module+0x15a/0x2a6\n | [] do_trap_ecall_u+0x1f2/0x266\n | [] _new_vmalloc_restore_context_a0+0xc6/0xd2\n | Code: bf51 7597 0184 8593 76a5 854a 4097 0029 80e7 2c00 (9002) 7597\n | ---[ end trace 0000000000000000 ]---\n | Kernel panic - not syncing: Fatal exception in interrupt\n\nAdd a check to avoid calling the pmd dtor, if the calling context is\nvmemmap_free().\n\ud83d\udd22 Severity: CVSS_V3: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\n\ud83d\uddd3\ufe0f Modified: 2025-01-06T15:30:59Z\n\ud83d\uddd3\ufe0f Published: 2024-12-27T15:31:56Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-5663\n2. https://git.kernel.org/stable/c/21f1b85c8912262adf510e63614a114425eb10\n3. https://git.kernel.org/stable/c/344945806f2faf68be98bac02836c86f223aa9", "creation_timestamp": "2025-01-06T15:37:42.000000Z"}, {"uuid": "6d8e9cf5-6ff4-4b56-bb06-403f386e4c3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5667", "type": "seen", "source": "https://t.me/cvedetector/19612", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-5667 - WordPress Featherlight.js Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-5667 \nPublished : March 5, 2025, 10:15 a.m. | 48\u00a0minutes ago \nDescription : Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T12:45:53.000000Z"}, {"uuid": "c85ecc6d-4709-4e63-aba5-acc4267f8a38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56671", "type": "seen", "source": "https://t.me/cvedetector/13774", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56671 - Linux Kernel: GPIO Graniterapids Const Qualifier Write Access Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56671 \nPublished : Dec. 27, 2024, 3:15 p.m. | 32\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ngpio: graniterapids: Fix vGPIO driver crash \n \nMove setting irq_chip.name from probe() function to the initialization \nof \"irq_chip\" struct in order to fix vGPIO driver crash during bootup. \n \nCrash was caused by unauthorized modification of irq_chip.name field \nwhere irq_chip struct was initialized as const. \n \nThis behavior is a consequence of suboptimal implementation of \ngpio_irq_chip_set_chip(), which should be changed to avoid \ncasting away const qualifier. \n \nCrash log: \nBUG: unable to handle page fault for address: ffffffffc0ba81c0 \n/#PF: supervisor write access in kernel mode \n/#PF: error_code(0x0003) - permissions violation \nCPU: 33 UID: 0 PID: 1075 Comm: systemd-udevd Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 #1 \nHardware name: Intel Corporation Kaseyville RP/Kaseyville RP, BIOS KVLDCRB1.PGS.0026.D73.2410081258 10/08/2024 \nRIP: 0010:gnr_gpio_probe+0x171/0x220 [gpio_graniterapids] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T16:51:06.000000Z"}, {"uuid": "c1731330-f94d-4250-81cd-b0761e2142c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56670", "type": "seen", "source": "https://t.me/cvedetector/13773", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56670 - \"Linux USB: Gadget: U-Serial Null Pointer Dereference\"\", \n \"Content\": \"CVE ID : CVE-2024-56670 \nPublished : Dec. 27, 2024, 3:15 p.m. | 32\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nusb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer \n \nConsidering that in some extreme cases, \nwhen u_serial driver is accessed by multiple threads, \nThread A is executing the open operation and calling the gs_open, \nThread B is executing the disconnect operation and calling the \ngserial_disconnect function,The port->port_usb pointer will be set to NULL. \n \nE.g. \n Thread A Thread B \n gs_open() gadget_unbind_driver() \n gs_start_io() composite_disconnect() \n gs_start_rx() gserial_disconnect() \n ... ... \n spin_unlock(&port->port_lock) \n status = usb_ep_queue() spin_lock(&port->port_lock) \n spin_lock(&port->port_lock) port->port_usb = NULL \n gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock) \n Crash \n \nThis causes thread A to access a null pointer (port->port_usb is null) \nwhen calling the gs_free_requests function, causing a crash. \n \nIf port_usb is NULL, the release request will be skipped as it \nwill be done by gserial_disconnect. \n \nSo add a null pointer check to gs_start_io before attempting \nto access the value of the pointer port->port_usb. \n \nCall trace: \n gs_start_io+0x164/0x25c \n gs_open+0x108/0x13c \n tty_open+0x314/0x638 \n chrdev_open+0x1b8/0x258 \n do_dentry_open+0x2c4/0x700 \n vfs_open+0x2c/0x3c \n path_openat+0xa64/0xc60 \n do_filp_open+0xb8/0x164 \n do_sys_openat2+0x84/0xf0 \n __arm64_sys_openat+0x70/0x9c \n invoke_syscall+0x58/0x114 \n el0_svc_common+0x80/0xe0 \n do_el0_svc+0x1c/0x28 \n el0_svc+0x38/0x68 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T16:51:05.000000Z"}, {"uuid": "e8371aa3-ebac-4d0f-b0cc-ade944753598", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56675", "type": "seen", "source": "https://t.me/cvedetector/13765", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56675 - Linux Kernel BPF UAF Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56675 \nPublished : Dec. 27, 2024, 3:15 p.m. | 32\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors \n \nUprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU \nprotection. But it is possible to attach a non-sleepable BPF program to a \nuprobe, and non-sleepable BPF programs are freed via normal RCU (see \n__bpf_prog_put_noref()). This leads to UAF of the bpf_prog because a normal \nRCU grace period does not imply a tasks-trace-RCU grace period. \n \nFix it by explicitly waiting for a tasks-trace-RCU grace period after \nremoving the attachment of a bpf_prog to a perf_event. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T16:50:53.000000Z"}, {"uuid": "c176df98-0bf4-4c90-8ea8-c1236cd9f0da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56673", "type": "seen", "source": "https://t.me/cvedetector/13764", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56673 - RISC-V Linux: Invalid pmd dtor call in vmemmap page table teardown\", \n \"Content\": \"CVE ID : CVE-2024-56673 \nPublished : Dec. 27, 2024, 3:15 p.m. | 32\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nriscv: mm: Do not call pmd dtor on vmemmap page table teardown \n \nThe vmemmap's, which is used for RV64 with SPARSEMEM_VMEMMAP, page \ntables are populated using pmd (page middle directory) hugetables. \nHowever, the pmd allocation is not using the generic mechanism used by \nthe VMA code (e.g. pmd_alloc()), or the RISC-V specific \ncreate_pgd_mapping()/alloc_pmd_late(). Instead, the vmemmap page table \ncode allocates a page, and calls vmemmap_set_pmd(). This results in \nthat the pmd ctor is *not* called, nor would it make sense to do so. \n \nNow, when tearing down a vmemmap page table pmd, the cleanup code \nwould unconditionally, and incorrectly call the pmd dtor, which \nresults in a crash (best case). \n \nThis issue was found when running the HMM selftests: \n \n | tools/testing/selftests/mm# ./test_hmm.sh smoke \n | ... # when unloading the test_hmm.ko module \n | page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10915b \n | flags: 0x1000000000000000(node=0|zone=1) \n | raw: 1000000000000000 0000000000000000 dead000000000122 0000000000000000 \n | raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 \n | page dumped because: VM_BUG_ON_PAGE(ptdesc->pmd_huge_pte) \n | ------------[ cut here ]------------ \n | kernel BUG at include/linux/mm.h:3080! \n | Kernel BUG [#1] \n | Modules linked in: test_hmm(-) sch_fq_codel fuse drm drm_panel_orientation_quirks backlight dm_mod \n | CPU: 1 UID: 0 PID: 514 Comm: modprobe Tainted: G W 6.12.0-00982-gf2a4f1682d07 #2 \n | Tainted: [W]=WARN \n | Hardware name: riscv-virtio qemu/qemu, BIOS 2024.10 10/01/2024 \n | epc : remove_pgd_mapping+0xbec/0x1070 \n | ra : remove_pgd_mapping+0xbec/0x1070 \n | epc : ffffffff80010a68 ra : ffffffff80010a68 sp : ff20000000a73940 \n | gp : ffffffff827b2d88 tp : ff6000008785da40 t0 : ffffffff80fbce04 \n | t1 : 0720072007200720 t2 : 706d756420656761 s0 : ff20000000a73a50 \n | s1 : ff6000008915cff8 a0 : 0000000000000039 a1 : 0000000000000008 \n | a2 : ff600003fff0de20 a3 : 0000000000000000 a4 : 0000000000000000 \n | a5 : 0000000000000000 a6 : c0000000ffffefff a7 : ffffffff824469b8 \n | s2 : ff1c0000022456c0 s3 : ff1ffffffdbfffff s4 : ff6000008915c000 \n | s5 : ff6000008915c000 s6 : ff6000008915c000 s7 : ff1ffffffdc00000 \n | s8 : 0000000000000001 s9 : ff1ffffffdc00000 s10: ffffffff819a31f0 \n | s11: ffffffffffffffff t3 : ffffffff8000c950 t4 : ff60000080244f00 \n | t5 : ff60000080244000 t6 : ff20000000a73708 \n | status: 0000000200000120 badaddr: ffffffff80010a68 cause: 0000000000000003 \n | [] remove_pgd_mapping+0xbec/0x1070 \n | [] vmemmap_free+0x14/0x1e \n | [] section_deactivate+0x220/0x452 \n | [] sparse_remove_section+0x4a/0x58 \n | [] __remove_pages+0x7e/0xba \n | [] memunmap_pages+0x2bc/0x3fe \n | [] dmirror_device_remove_chunks+0x2ea/0x518 [test_hmm] \n | [] hmm_dmirror_exit+0x3e/0x1018 [test_hmm] \n | [] __riscv_sys_delete_module+0x15a/0x2a6 \n | [] do_trap_ecall_u+0x1f2/0x266 \n | [] _new_vmalloc_restore_context_a0+0xc6/0xd2 \n | Code: bf51 7597 0184 8593 76a5 854a 4097 0029 80e7 2c00 (9002) 7597 \n | ---[ end trace 0000000000000000 ]--- \n | Kernel panic - not syncing: Fatal exception in interrupt \n \nAdd a check to avoid calling the pmd dtor, if the calling context is \nvmemmap_free(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T16:50:52.000000Z"}, {"uuid": "d3b93f04-1983-4163-bb36-96eb1a3ae432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56674", "type": "seen", "source": "https://t.me/cvedetector/13762", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56674 - Virtio Net BQL Crash Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56674 \nPublished : Dec. 27, 2024, 3:15 p.m. | 32\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nvirtio_net: correct netdev_tx_reset_queue() invocation point \n \nWhen virtnet_close is followed by virtnet_open, some TX completions can \npossibly remain unconsumed, until they are finally processed during the \nfirst NAPI poll after the netdev_tx_reset_queue(), resulting in a crash \n[1]. Commit b96ed2c97c79 (\"virtio_net: move netdev_tx_reset_queue() call \nbefore RX napi enable\") was not sufficient to eliminate all BQL crash \ncases for virtio-net. \n \nThis issue can be reproduced with the latest net-next master by running: \n`while :; do ip l set DEV down; ip l set DEV up; done` under heavy network \nTX load from inside the machine. \n \nnetdev_tx_reset_queue() can actually be dropped from virtnet_open path; \nthe device is not stopped in any case. For BQL core part, it's just like \ntraffic nearly ceases to exist for some period. For stall detector added \nto BQL, even if virtnet_close could somehow lead to some TX completions \ndelayed for long, followed by virtnet_open, we can just take it as stall \nas mentioned in commit 6025b9135f7a (\"net: dqs: add NIC stall detector \nbased on BQL\"). Note also that users can still reset stall_max via sysfs. \n \nSo, drop netdev_tx_reset_queue() from virtnet_enable_queue_pair(). This \neliminates the BQL crashes. As a result, netdev_tx_reset_queue() is now \nexplicitly required in freeze/restore path. This patch adds it to \nimmediately after free_unused_bufs(), following the rule of thumb: \nnetdev_tx_reset_queue() should follow any SKB freeing not followed by \nnetdev_tx_completed_queue(). This seems the most consistent and \nstreamlined approach, and now netdev_tx_reset_queue() runs whenever \nfree_unused_bufs() is done. \n \n[1]: \n------------[ cut here ]------------ \nkernel BUG at lib/dynamic_queue_limits.c:99! \nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI \nCPU: 7 UID: 0 PID: 1598 Comm: ip Tainted: G N 6.12.0net-next_main+ #2 \nTainted: [N]=TEST \nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), \\ \nBIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 \nRIP: 0010:dql_completed+0x26b/0x290 \nCode: b7 c2 49 89 e9 44 89 da 89 c6 4c 89 d7 e8 ed 17 47 00 58 65 ff 0d \n4d 27 90 7e 0f 85 fd fe ff ff e8 ea 53 8d ff e9 f3 fe ff ff <0f0b 01 \nd2 44 89 d1 29 d1 ba 00 00 00 00 0f 48 ca e9 28 ff ff ff \nRSP: 0018:ffffc900002b0d08 EFLAGS: 00010297 \nRAX: 0000000000000000 RBX: ffff888102398c80 RCX: 0000000080190009 \nRDX: 0000000000000000 RSI: 000000000000006a RDI: 0000000000000000 \nRBP: ffff888102398c00 R08: 0000000000000000 R09: 0000000000000000 \nR10: 00000000000000ca R11: 0000000000015681 R12: 0000000000000001 \nR13: ffffc900002b0d68 R14: ffff88811115e000 R15: ffff8881107aca40 \nFS: 00007f41ded69500(0000) GS:ffff888667dc0000(0000) \nknlGS:0000000000000000 \nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \nCR2: 0000556ccc2dc1a0 CR3: 0000000104fd8003 CR4: 0000000000772ef0 \nPKRU: 55555554 \nCall Trace: \n \n ? die+0x32/0x80 \n ? do_trap+0xd9/0x100 \n ? dql_completed+0x26b/0x290 \n ? dql_completed+0x26b/0x290 \n ? do_error_trap+0x6d/0xb0 \n ? dql_completed+0x26b/0x290 \n ? exc_invalid_op+0x4c/0x60 \n ? dql_completed+0x26b/0x290 \n ? asm_exc_invalid_op+0x16/0x20 \n ? dql_completed+0x26b/0x290 \n __free_old_xmit+0xff/0x170 [virtio_net] \n free_old_xmit+0x54/0xc0 [virtio_net] \n virtnet_poll+0xf4/0xe30 [virtio_net] \n ? __update_load_avg_cfs_rq+0x264/0x2d0 \n ? update_curr+0x35/0x260 \n ? reweight_entity+0x1be/0x260 \n __napi_poll.constprop.0+0x28/0x1c0 \n net_rx_action+0x329/0x420 \n ? enqueue_hrtimer+0x35/0x90 \n ? trace_hardirqs_on+0x1d/0x80 \n ? kvm_sched_clock_read+0xd/0x20 \n ? sched_clock+0xc/0x30 \n ? kvm_sched_clock_read+0xd/0x20 \n ? sched_clock+0xc/0x30 \n ? sched_clock_cpu+0xd/0x1a0 \n handle_softirqs+0x138/0x3e0 \n do_softirq.p[...]", "creation_timestamp": "2024-12-27T16:50:50.000000Z"}, {"uuid": "476ea8d4-294a-48b6-871f-4482d3c4e030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56672", "type": "seen", "source": "https://t.me/cvedetector/13761", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56672 - QEMU Linux Kernel UAF in blk-cgroup\", \n \"Content\": \"CVE ID : CVE-2024-56672 \nPublished : Dec. 27, 2024, 3:15 p.m. | 32\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nblk-cgroup: Fix UAF in blkcg_unpin_online() \n \nblkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To \nwalk up, it uses blkcg_parent(blkcg) but it was calling that after \nblkcg_destroy_blkgs(blkcg) which could free the blkcg, leading to the \nfollowing UAF: \n \n ================================================================== \n BUG: KASAN: slab-use-after-free in blkcg_unpin_online+0x15a/0x270 \n Read of size 8 at addr ffff8881057678c0 by task kworker/9:1/117 \n \n CPU: 9 UID: 0 PID: 117 Comm: kworker/9:1 Not tainted 6.13.0-rc1-work-00182-gb8f52214c61a-dirty #48 \n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 02/02/2022 \n Workqueue: cgwb_release cgwb_release_workfn \n Call Trace: \n \n dump_stack_lvl+0x27/0x80 \n print_report+0x151/0x710 \n kasan_report+0xc0/0x100 \n blkcg_unpin_online+0x15a/0x270 \n cgwb_release_workfn+0x194/0x480 \n process_scheduled_works+0x71b/0xe20 \n worker_thread+0x82a/0xbd0 \n kthread+0x242/0x2c0 \n ret_from_fork+0x33/0x70 \n ret_from_fork_asm+0x1a/0x30 \n \n ... \n Freed by task 1944: \n kasan_save_track+0x2b/0x70 \n kasan_save_free_info+0x3c/0x50 \n __kasan_slab_free+0x33/0x50 \n kfree+0x10c/0x330 \n css_free_rwork_fn+0xe6/0xb30 \n process_scheduled_works+0x71b/0xe20 \n worker_thread+0x82a/0xbd0 \n kthread+0x242/0x2c0 \n ret_from_fork+0x33/0x70 \n ret_from_fork_asm+0x1a/0x30 \n \nNote that the UAF is not easy to trigger as the free path is indirected \nbehind a couple RCU grace periods and a work item execution. I could only \ntrigger it with artifical msleep() injected in blkcg_unpin_online(). \n \nFix it by reading the parent pointer before destroying the blkcg's blkg's. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T16:50:49.000000Z"}]}