{"vulnerability": "cve-2024-5677", "sightings": [{"uuid": "41be0aca-6365-4d7c-b517-4d638080af84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56773", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfataughe52g", "content": "", "creation_timestamp": "2025-01-08T18:48:14.834822Z"}, {"uuid": "e8dcd9da-a491-47a5-a3fb-c0d7ea787c8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56774", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfatausmw22y", "content": "", "creation_timestamp": "2025-01-08T18:48:15.755678Z"}, {"uuid": "6f509a37-b128-4609-9b3c-7d83ca10786f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56776", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfatauwaaq2q", "content": "", "creation_timestamp": "2025-01-08T18:48:16.376895Z"}, {"uuid": "205f5be0-701e-4a98-94c9-26c6b0e3618a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56770", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfao3eywor2d", "content": "", "creation_timestamp": "2025-01-08T17:15:39.287525Z"}, {"uuid": "3b3a8f39-891f-48b7-8e2b-1ef451df3d71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56770", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfapmji3hy2g", "content": "", "creation_timestamp": "2025-01-08T17:43:09.419841Z"}, {"uuid": "919616b1-1694-40e1-96fd-33b8324c278c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56771", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794007386644448", "content": "", "creation_timestamp": "2025-01-08T17:52:35.823425Z"}, {"uuid": "7bd88734-114b-4232-a683-ea56c44f04c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56773", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794007417385616", "content": "", "creation_timestamp": "2025-01-08T17:52:36.402179Z"}, {"uuid": "7a7b4585-35b0-478d-a269-4e702d2a89d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56772", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794007403045568", "content": "", "creation_timestamp": "2025-01-08T17:52:36.448954Z"}, {"uuid": "d40d022b-8501-4d5b-8fed-0cf1e89e588f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56774", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794007433747830", "content": "", "creation_timestamp": "2025-01-08T17:52:36.573834Z"}, {"uuid": "15389e90-0e0c-4221-a969-4fdc5f0eefe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56775", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794066434882319", "content": "", "creation_timestamp": "2025-01-08T18:07:36.800102Z"}, {"uuid": "3ea3c7ce-ceb1-410e-8e8e-466b30f06f67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56776", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794066449399307", "content": "", "creation_timestamp": "2025-01-08T18:07:37.054577Z"}, {"uuid": "b68fa773-5492-4716-93f4-62d63e50c5d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56778", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794066477382175", "content": "", "creation_timestamp": "2025-01-08T18:07:37.470892Z"}, {"uuid": "d1d4e4ab-0d71-43f2-b6bc-e4e760a84963", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56777", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794066463635112", "content": "", "creation_timestamp": "2025-01-08T18:07:37.780852Z"}, {"uuid": "13732d08-ab0b-4c14-a9ba-0251e64d0509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56771", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfargr5bta2i", "content": "", "creation_timestamp": "2025-01-08T18:15:42.350379Z"}, {"uuid": "af241af1-ecac-47e8-a327-81b2cbbfe5ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56776", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfarh4spqa2f", "content": "", "creation_timestamp": "2025-01-08T18:15:54.615466Z"}, {"uuid": "a4e77f99-7726-4aa1-8aeb-85690805450e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56772", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfargtmmko2l", "content": "", "creation_timestamp": "2025-01-08T18:15:45.045318Z"}, {"uuid": "a05dea5b-614c-4472-bc87-7cac9642d6e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56773", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfargvtxsi2f", "content": "", "creation_timestamp": "2025-01-08T18:15:47.226084Z"}, {"uuid": "c76aca73-18ca-4e13-9ade-b43b45f97a34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56774", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfargy6tdm25", "content": "", "creation_timestamp": "2025-01-08T18:15:49.675518Z"}, {"uuid": "68fc0545-66b6-44c6-8b50-23fccace8779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56775", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfarh2lndf2k", "content": "", "creation_timestamp": "2025-01-08T18:15:52.159437Z"}, {"uuid": "90769b13-6948-48c9-aca6-4b1a9bf45b16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56777", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfarh76bq425", "content": "", "creation_timestamp": "2025-01-08T18:15:57.083267Z"}, {"uuid": "07822b53-34f6-4cfc-9e6c-3fd182a05cb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56778", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfarhbw3s52f", "content": "", "creation_timestamp": "2025-01-08T18:16:00.038944Z"}, {"uuid": "dbe0db2e-3089-4e65-9f15-87a32d54dfed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56779", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfarhetlg62l", "content": "", "creation_timestamp": "2025-01-08T18:16:03.158439Z"}, {"uuid": "c9e391b4-20d4-4a2b-bf0d-058df5962858", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56779", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794125484036956", "content": "", "creation_timestamp": "2025-01-08T18:22:37.883612Z"}, {"uuid": "2594469b-0890-4f59-9c14-119336157f10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56772", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfatatc46i2i", "content": "", "creation_timestamp": "2025-01-08T18:48:10.791802Z"}, {"uuid": "dbe26312-6412-400d-9103-e79619c6dd29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56775", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfatatogm32k", "content": "", "creation_timestamp": "2025-01-08T18:48:11.677600Z"}, {"uuid": "a7fd3962-8db1-4c88-b10c-42153e783930", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56777", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfatatx4oa2q", "content": "", "creation_timestamp": "2025-01-08T18:48:12.949722Z"}, {"uuid": "36ef6c88-9bac-4b2f-a2eb-32787e74ceb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56778", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfatauahuh2g", "content": "", "creation_timestamp": "2025-01-08T18:48:14.155294Z"}, {"uuid": "3bbae7bd-e823-49e2-b8c8-45947d91f1e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56779", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "548cf7dc-fd39-4337-a5eb-01092679e86f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56770", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "b8b1cbdd-6993-4c31-9805-0d9916044b44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-56775", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "d360e6cb-0e94-4f02-a559-97a3b752b38e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-56776", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "01bd8e6e-538e-49b1-a351-6ce6d36a9c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-56778", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "17617fd1-9c5f-4710-aa07-f9e5e4172c9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56772", "type": "seen", "source": "https://t.me/cvedetector/14721", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56772 - Linux kernel: Uninitialized Free Pointer (UAF) vulnerability in kunit string-stream module.\", \n \"Content\": \"CVE ID : CVE-2024-56772 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nkunit: string-stream: Fix a UAF bug in kunit_init_suite() \n \nIn kunit_debugfs_create_suite(), if alloc_string_stream() fails in the \nkunit_suite_for_each_test_case() loop, the \"suite->log = stream\" \nhas assigned before, and the error path only free the suite->log's stream \nmemory but not set it to NULL, so the later string_stream_clear() of \nsuite->log in kunit_init_suite() will cause below UAF bug. \n \nSet stream pointer to NULL after free to fix it. \n \n Unable to handle kernel paging request at virtual address 006440150000030d \n Mem abort info: \n ESR = 0x0000000096000004 \n EC = 0x25: DABT (current EL), IL = 32 bits \n SET = 0, FnV = 0 \n EA = 0, S1PTW = 0 \n FSC = 0x04: level 0 translation fault \n Data abort info: \n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 \n CM = 0, WnR = 0, TnD = 0, TagAccess = 0 \n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 \n [006440150000030d] address between user and kernel address ranges \n Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP \n Dumping ftrace buffer: \n (ftrace buffer empty) \n Modules linked in: iio_test_gts industrialio_gts_helper cfg80211 rfkill ipv6 [last unloaded: iio_test_gts] \n CPU: 5 UID: 0 PID: 6253 Comm: modprobe Tainted: G B W N 6.12.0-rc4+ #458 \n Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST \n Hardware name: linux,dummy-virt (DT) \n pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) \n pc : string_stream_clear+0x54/0x1ac \n lr : string_stream_clear+0x1a8/0x1ac \n sp : ffffffc080b47410 \n x29: ffffffc080b47410 x28: 006440550000030d x27: ffffff80c96b5e98 \n x26: ffffff80c96b5e80 x25: ffffffe461b3f6c0 x24: 0000000000000003 \n x23: ffffff80c96b5e88 x22: 1ffffff019cdf4fc x21: dfffffc000000000 \n x20: ffffff80ce6fa7e0 x19: 032202a80000186d x18: 0000000000001840 \n x17: 0000000000000000 x16: 0000000000000000 x15: ffffffe45c355cb4 \n x14: ffffffe45c35589c x13: ffffffe45c03da78 x12: ffffffb810168e75 \n x11: 1ffffff810168e74 x10: ffffffb810168e74 x9 : dfffffc000000000 \n x8 : 0000000000000004 x7 : 0000000000000003 x6 : 0000000000000001 \n x5 : ffffffc080b473a0 x4 : 0000000000000000 x3 : 0000000000000000 \n x2 : 0000000000000001 x1 : ffffffe462fbf620 x0 : dfffffc000000000 \n Call trace: \n string_stream_clear+0x54/0x1ac \n __kunit_test_suites_init+0x108/0x1d8 \n kunit_exec_run_tests+0xb8/0x100 \n kunit_module_notify+0x400/0x55c \n notifier_call_chain+0xfc/0x3b4 \n blocking_notifier_call_chain+0x68/0x9c \n do_init_module+0x24c/0x5c8 \n load_module+0x4acc/0x4e90 \n init_module_from_file+0xd4/0x128 \n idempotent_init_module+0x2d4/0x57c \n __arm64_sys_finit_module+0xac/0x100 \n invoke_syscall+0x6c/0x258 \n el0_svc_common.constprop.0+0x160/0x22c \n do_el0_svc+0x44/0x5c \n el0_svc+0x48/0xb8 \n el0t_64_sync_handler+0x13c/0x158 \n el0t_64_sync+0x190/0x194 \n Code: f9400753 d2dff800 f2fbffe0 d343fe7c (38e06b80) \n ---[ end trace 0000000000000000 ]--- \n Kernel panic - not syncing: Oops: Fatal exception \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T20:00:06.000000Z"}, {"uuid": "2be681cc-a7a6-40b8-baa3-9986a0f6a9e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-56777", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "4f125b9d-50c4-467a-a4d6-f9ed369fb8a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56773", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/779", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56773\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nkunit: Fix potential null dereference in kunit_device_driver_test()\n\nkunit_kzalloc() may return a NULL pointer, dereferencing it without\nNULL check may lead to NULL dereference.\nAdd a NULL check for test_state.\n\ud83d\udccf Published: 2025-01-08T17:49:12.275Z\n\ud83d\udccf Modified: 2025-01-08T17:49:12.275Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5d28fac59369b5d3c48cdf09e50275a61ff91202\n2. https://git.kernel.org/stable/c/435c20eed572a95709b1536ff78832836b2f91b1", "creation_timestamp": "2025-01-08T18:22:53.000000Z"}, {"uuid": "97363525-4b44-4464-b1e8-330600a12982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56778", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/774", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56778\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check\n\nThe return value of drm_atomic_get_crtc_state() needs to be\nchecked. To avoid use of error pointer 'crtc_state' in case\nof the failure.\n\ud83d\udccf Published: 2025-01-08T17:49:16.207Z\n\ud83d\udccf Modified: 2025-01-08T17:49:16.207Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/31c857e7496d34e5a32a6f75bc024d0b06fd646a\n2. https://git.kernel.org/stable/c/6b0d0d6e9d3c26697230bf7dc9e6b52bdb24086f\n3. https://git.kernel.org/stable/c/82a5312f874fb18f045d9658e9bd290e3b0621c0\n4. https://git.kernel.org/stable/c/837eb99ad3340c7a9febf454f41c8e3edb68ac1e\n5. https://git.kernel.org/stable/c/c1ab40a1fdfee732c7e6ff2fb8253760293e47e8", "creation_timestamp": "2025-01-08T18:21:31.000000Z"}, {"uuid": "d7d09ae1-ae13-4385-b235-22453056139c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56774", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/778", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56774\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: add a sanity check for btrfs root in btrfs_search_slot()\n\nSyzbot reports a null-ptr-deref in btrfs_search_slot().\n\nThe reproducer is using rescue=ibadroots, and the extent tree root is\ncorrupted thus the extent tree is NULL.\n\nWhen scrub tries to search the extent tree to gather the needed extent\ninfo, btrfs_search_slot() doesn't check if the target root is NULL or\nnot, resulting the null-ptr-deref.\n\nAdd sanity check for btrfs root before using it in btrfs_search_slot().\n\ud83d\udccf Published: 2025-01-08T17:49:13.121Z\n\ud83d\udccf Modified: 2025-01-08T17:49:13.121Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c71d114ef68c95da5a82ec85a721ab31f5bd905b\n2. https://git.kernel.org/stable/c/db66fb87c21e8ae724886e6a464dcbac562a64c6\n3. https://git.kernel.org/stable/c/757171d1369b3b47f36932d40a05a0715496dcab\n4. https://git.kernel.org/stable/c/93992c3d9629b02dccf6849238559d5c24f2dece\n5. https://git.kernel.org/stable/c/3ed51857a50f530ac7a1482e069dfbd1298558d4", "creation_timestamp": "2025-01-08T18:22:41.000000Z"}, {"uuid": "8ad9b20f-7a06-4d7d-b401-1db7c4479fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56775", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/777", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56775\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix handling of plane refcount\n\n[Why]\nThe mechanism to backup and restore plane states doesn't maintain\nrefcount, which can cause issues if the refcount of the plane changes\nin between backup and restore operations, such as memory leaks if the\nrefcount was supposed to go down, or double frees / invalid memory\naccesses if the refcount was supposed to go up.\n\n[How]\nCache and re-apply current refcount when restoring plane states.\n\ud83d\udccf Published: 2025-01-08T17:49:13.907Z\n\ud83d\udccf Modified: 2025-01-08T17:49:13.907Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/8cb2f6793845f135b28361ba8e96901cae3e5790\n2. https://git.kernel.org/stable/c/27227a234c1487cb7a684615f0749c455218833a", "creation_timestamp": "2025-01-08T18:22:14.000000Z"}, {"uuid": "c891df3a-dd4f-438e-aaa6-8fe391422799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56776", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/776", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56776\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sti: avoid potential dereference of error pointers\n\nThe return value of drm_atomic_get_crtc_state() needs to be\nchecked. To avoid use of error pointer 'crtc_state' in case\nof the failure.\n\ud83d\udccf Published: 2025-01-08T17:49:14.622Z\n\ud83d\udccf Modified: 2025-01-08T17:49:14.622Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/e98ff67f5a68114804607de549c2350d27628fc7\n2. https://git.kernel.org/stable/c/40725c5fabee804fecce41d4d5c5bae80c45e1c4\n3. https://git.kernel.org/stable/c/8ab73ac97c0fa528f66eeccd9bb53eb6eb7d20dc\n4. https://git.kernel.org/stable/c/f67786293193cf01ebcc6fdbcbd1587b24f52679\n5. https://git.kernel.org/stable/c/831214f77037de02afc287eae93ce97f218d8c04", "creation_timestamp": "2025-01-08T18:21:59.000000Z"}, {"uuid": "1358dff1-af88-4dcf-95db-6b957038ec31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56777", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/775", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56777\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check\n\nThe return value of drm_atomic_get_crtc_state() needs to be\nchecked. To avoid use of error pointer 'crtc_state' in case\nof the failure.\n\ud83d\udccf Published: 2025-01-08T17:49:15.483Z\n\ud83d\udccf Modified: 2025-01-08T17:49:15.483Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/f5804567cf9605d6e5ec46c0bb786f7d50f18c13\n2. https://git.kernel.org/stable/c/b79612ed6bc1a184c45427105c851b5b2d4342ca\n3. https://git.kernel.org/stable/c/997b64c3f4c1827c5cfda8ae7f5d13f78d28b541\n4. https://git.kernel.org/stable/c/3cf2e7c448e246f7e700c7aa47450d1e27579559\n5. https://git.kernel.org/stable/c/e965e771b069421c233d674c3c8cd8c7f7245f42", "creation_timestamp": "2025-01-08T18:21:43.000000Z"}, {"uuid": "d9035c62-4d8e-475b-9dfd-b265d23fa73e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56770", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/14701", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56770 - Linux Netem Qdisc Accounting Backlog Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56770 \nPublished : Jan. 8, 2025, 5:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet/sched: netem: account for backlog updates from child qdisc \n \nIn general, 'qlen' of any classful qdisc should keep track of the \nnumber of packets that the qdisc itself and all of its children holds. \nIn case of netem, 'qlen' only accounts for the packets in its internal \ntfifo. When netem is used with a child qdisc, the child qdisc can use \n'qdisc_tree_reduce_backlog' to inform its parent, netem, about created \nor dropped SKBs. This function updates 'qlen' and the backlog statistics \nof netem, but netem does not account for changes made by a child qdisc. \n'qlen' then indicates the wrong number of packets in the tfifo. \nIf a child qdisc creates new SKBs during enqueue and informs its parent \nabout this, netem's 'qlen' value is increased. When netem dequeues the \nnewly created SKBs from the child, the 'qlen' in netem is not updated. \nIf 'qlen' reaches the configured sch->limit, the enqueue function stops \nworking, even though the tfifo is not full. \n \nReproduce the bug: \nEnsure that the sender machine has GSO enabled. Configure netem as root \nqdisc and tbf as its child on the outgoing interface of the machine \nas follows: \n$ tc qdisc add dev root handle 1: netem delay 100ms limit 100 \n$ tc qdisc add dev parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms \n \nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3 \nclient on the machine. Check the qdisc statistics: \n$ tc -s qdisc show dev \n \nStatistics after 10s of iPerf3 TCP test before the fix (note that \nnetem's backlog > limit, netem stopped accepting packets): \nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms \n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0) \n backlog 4294528236b 1155p requeues 0 \nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms \n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0) \n backlog 0b 0p requeues 0 \n \nStatistics after the fix: \nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms \n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0) \n backlog 0b 0p requeues 0 \nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms \n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0) \n backlog 0b 0p requeues 0 \n \ntbf segments the GSO SKBs (tbf_segment) and updates the netem's 'qlen'. \nThe interface fully stops transferring packets and \"locks\". In this case, \nthe child qdisc and tfifo are empty, but 'qlen' indicates the tfifo is at \nits limit and no more packets are accepted. \n \nThis patch adds a counter for the entries in the tfifo. Netem's 'qlen' is \nonly decreased when a packet is returned by its dequeue function, and not \nduring enqueuing into the child qdisc. External updates to 'qlen' are thus \naccounted for and only the behavior of the backlog statistics changes. As \nin other qdiscs, 'qlen' then keeps track of how many packets are held in \nnetem and all of its children. As before, sch->limit remains as the \nmaximum number of packets in the tfifo. The same applies to netem's \nbacklog statistics. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T19:09:33.000000Z"}, {"uuid": "4e714412-1cd9-4096-87da-952780a919e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56771", "type": "seen", "source": "https://t.me/cvedetector/14720", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56771 - \"Winvic Spinand Linux Kernel ECC Information Faking\"\", \n \"Content\": \"CVE ID : CVE-2024-56771 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information \n \nThese four chips: \n* W25N512GW \n* W25N01GW \n* W25N01JW \n* W25N02JW \nall require a single bit of ECC strength and thus feature an on-die \nHamming-like ECC engine. There is no point in filling a ->get_status() \ncallback for them because the main ECC status bytes are located in \nstandard places, and retrieving the number of bitflips in case of \ncorrected chunk is both useless and unsupported (if there are bitflips, \nthen there is 1 at most, so no need to query the chip for that). \n \nWithout this change, a kernel warning triggers every time a bit flips. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T20:00:05.000000Z"}, {"uuid": "3f2e6d15-cc10-4800-a239-b462547b707f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56777", "type": "seen", "source": "https://t.me/cvedetector/14719", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56777 - \"Linux kernel Deref Dereference Error in drm/sti\"\", \n \"Content\": \"CVE ID : CVE-2024-56777 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check \n \nThe return value of drm_atomic_get_crtc_state() needs to be \nchecked. To avoid use of error pointer 'crtc_state' in case \nof the failure. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T20:00:04.000000Z"}, {"uuid": "eb55b45a-3380-429d-9887-f02ed229f9c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56773", "type": "seen", "source": "https://t.me/cvedetector/14718", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56773 - Linux Kernel kunit Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56773 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nkunit: Fix potential null dereference in kunit_device_driver_test() \n \nkunit_kzalloc() may return a NULL pointer, dereferencing it without \nNULL check may lead to NULL dereference. \nAdd a NULL check for test_state. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T20:00:04.000000Z"}, {"uuid": "a3e9fee8-84f7-4869-aaf2-8d0f86f59777", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56779", "type": "seen", "source": "https://t.me/cvedetector/14715", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56779 - NFSd Memory Leak Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56779 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur \n \nThe action force umount(umount -f) will attempt to kill all rpc_task even \numount operation may ultimately fail if some files remain open. \nConsequently, if an action attempts to open a file, it can potentially \nsend two rpc_task to nfs server. \n \n NFS CLIENT \nthread1 thread2 \nopen(\"file\") \n... \nnfs4_do_open \n _nfs4_do_open \n _nfs4_open_and_get_state \n _nfs4_proc_open \n nfs4_run_open_task \n /* rpc_task1 */ \n rpc_run_task \n rpc_wait_for_completion_task \n \n umount -f \n nfs_umount_begin \n rpc_killall_tasks \n rpc_signal_task \n rpc_task1 been wakeup \n and return -512 \n _nfs4_do_open // while loop \n ... \n nfs4_run_open_task \n /* rpc_task2 */ \n rpc_run_task \n rpc_wait_for_completion_task \n \nWhile processing an open request, nfsd will first attempt to find or \nallocate an nfs4_openowner. If it finds an nfs4_openowner that is not \nmarked as NFS4_OO_CONFIRMED, this nfs4_openowner will released. Since \ntwo rpc_task can attempt to open the same file simultaneously from the \nclient to server, and because two instances of nfsd can run \nconcurrently, this situation can lead to lots of memory leak. \nAdditionally, when we echo 0 to /proc/fs/nfsd/threads, warning will be \ntriggered. \n \n NFS SERVER \nnfsd1 nfsd2 echo 0 > /proc/fs/nfsd/threads \n \nnfsd4_open \n nfsd4_process_open1 \n find_or_alloc_open_stateowner \n // alloc oo1, stateid1 \n nfsd4_open \n nfsd4_process_open1 \n find_or_alloc_open_stateowner \n // find oo1, without NFS4_OO_CONFIRMED \n release_openowner \n unhash_openowner_locked \n list_del_init(&oo->oo_perclient) \n // cannot find this oo \n // from client, LEAK!!! \n alloc_stateowner // alloc oo2 \n \n nfsd4_process_open2 \n init_open_stateid \n // associate oo1 \n // with stateid1, stateid1 LEAK!!! \n nfs4_get_vfs_file \n // alloc nfsd_file1 and nfsd_file_mark1 \n // all LEAK!!! \n \n nfsd4_process_open2 \n ... \n \n write_threads \n ... \n nfsd_destroy_serv \n nfsd_shutdown_net \n nfs4_state_shutdown_net \n nfs4_state_destroy_net \n destroy_client \n __destroy_client \n // won't find oo1!!! \n nfsd_shutdown_generic \n nfsd_file_cache_shutdown \n kmem_cache_destroy \n for nfsd_file_slab \n and nfsd_file_mark_slab \n // bark since nfsd_file1 \n // and nfsd_file_mark1 \n // still alive \n \n======================================================================= \nBUG nfsd_file (Not tainted): Objects remaining in nfsd_file on \n__kmem_cache_shutdown() \n--------------------------------------------------------------[...]", "creation_timestamp": "2025-01-08T19:59:58.000000Z"}, {"uuid": "d460c8d7-1681-45ea-a235-739c0d5a3207", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56778", "type": "seen", "source": "https://t.me/cvedetector/14714", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56778 - Linux Kernel - STI Display Driver Use After Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56778 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check \n \nThe return value of drm_atomic_get_crtc_state() needs to be \nchecked. To avoid use of error pointer 'crtc_state' in case \nof the failure. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T19:59:57.000000Z"}, {"uuid": "7243124d-0c36-4cf9-ba1a-808a534ca624", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56776", "type": "seen", "source": "https://t.me/cvedetector/14713", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56776 - Linux Kernel DEREFerence Error (Drm/Sti) Memory Leak\", \n \"Content\": \"CVE ID : CVE-2024-56776 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/sti: avoid potential dereference of error pointers \n \nThe return value of drm_atomic_get_crtc_state() needs to be \nchecked. To avoid use of error pointer 'crtc_state' in case \nof the failure. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T19:59:56.000000Z"}, {"uuid": "641d6d75-b87a-40ac-ac75-73bea93d5b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56775", "type": "seen", "source": "https://t.me/cvedetector/14712", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56775 - AMD Display Refcount Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56775 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/amd/display: Fix handling of plane refcount \n \n[Why] \nThe mechanism to backup and restore plane states doesn't maintain \nrefcount, which can cause issues if the refcount of the plane changes \nin between backup and restore operations, such as memory leaks if the \nrefcount was supposed to go down, or double frees / invalid memory \naccesses if the refcount was supposed to go up. \n \n[How] \nCache and re-apply current refcount when restoring plane states. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T19:59:55.000000Z"}, {"uuid": "f97b2e91-db15-4541-8e02-6889113da135", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56774", "type": "seen", "source": "https://t.me/cvedetector/14711", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56774 - \"Linux Btrfs Null-Pointer Dereference Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-56774 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbtrfs: add a sanity check for btrfs root in btrfs_search_slot() \n \nSyzbot reports a null-ptr-deref in btrfs_search_slot(). \n \nThe reproducer is using rescue=ibadroots, and the extent tree root is \ncorrupted thus the extent tree is NULL. \n \nWhen scrub tries to search the extent tree to gather the needed extent \ninfo, btrfs_search_slot() doesn't check if the target root is NULL or \nnot, resulting the null-ptr-deref. \n \nAdd sanity check for btrfs root before using it in btrfs_search_slot(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T19:59:52.000000Z"}, {"uuid": "7b27f06c-0a58-452e-87dd-6f88fbb87d0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5677", "type": "seen", "source": "https://t.me/cvedetector/496", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-5677 - The Featured Image Generator plugin for WordPress\", \n \"Content\": \"CVE ID : CVE-2024-5677 \nPublished : July 10, 2024, 2:15 a.m. | 18\u00a0minutes ago \nDescription : The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary images to a post-related gallery. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"10 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T04:38:05.000000Z"}]}