{"vulnerability": "cve-2024-5787", "sightings": [{"uuid": "3959f851-f50c-481a-a250-d8de618f4a7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57872", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113810288102758843", "content": "", "creation_timestamp": "2025-01-11T14:52:59.876419Z"}, {"uuid": "d26bb6d1-7cd9-4f33-8394-a22528bfe448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57879", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113810360706329976", "content": "", "creation_timestamp": "2025-01-11T15:11:27.811278Z"}, {"uuid": "f5699843-87cc-4263-b8c4-aa082edc5017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57872", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhyri2hje2l", "content": "", "creation_timestamp": "2025-01-11T15:15:36.170532Z"}, {"uuid": "43c7b165-b827-40f2-aca2-60b9b1510661", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57874", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhyrke5mx2k", "content": "", "creation_timestamp": "2025-01-11T15:15:38.724472Z"}, {"uuid": "158fee36-a7cd-4f84-b372-10812298e9d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57875", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhyrmjx4z22", "content": "", "creation_timestamp": "2025-01-11T15:15:40.925193Z"}, {"uuid": "4637a37a-6d01-49d8-b077-c0af2360974c", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57876", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhyrox3du27", "content": "", "creation_timestamp": "2025-01-11T15:15:43.420575Z"}, {"uuid": "b0f54486-941c-406a-88c9-f536deeff105", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57877", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhyrrj5qx2k", "content": "", "creation_timestamp": "2025-01-11T15:15:46.150520Z"}, {"uuid": "f1c3d8b7-9bee-4f2f-8173-63f83cdaeca5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57878", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhyrtq3ty2a", "content": "", "creation_timestamp": "2025-01-11T15:15:48.639483Z"}, {"uuid": "d2435bc3-b76c-4ab2-a5e4-80f8519739ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57879", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhyrw5y2v2x", "content": "", "creation_timestamp": "2025-01-11T15:15:51.049470Z"}, {"uuid": "3cfef808-de55-4299-89ce-472273bd982b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57876", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfi22fjnti2h", "content": "", "creation_timestamp": "2025-01-11T15:38:29.489666Z"}, {"uuid": "7c9a098c-4d4c-4903-9e03-5c861e3f7318", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57878", 
"type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfi22fylmb2w", "content": "", "creation_timestamp": "2025-01-11T15:38:30.345631Z"}, {"uuid": "6affcc4f-de5f-4e55-a44b-3ed72b7643ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57872", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfi244qk4b2w", "content": "", "creation_timestamp": "2025-01-11T15:39:27.211913Z"}, {"uuid": "91b72641-09e2-4e0e-843c-1e3cdf48d2f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57875", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfi2454jtd2k", "content": "", "creation_timestamp": "2025-01-11T15:39:28.052149Z"}, {"uuid": "ec01759f-1859-4224-81bb-04b1af9101e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57874", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfi2457uor2g", "content": "", "creation_timestamp": "2025-01-11T15:39:28.654926Z"}, {"uuid": "097f60f3-2c13-44e3-a2e7-4517f7485fe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57877", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfi245oa2z2h", "content": "", "creation_timestamp": "2025-01-11T15:39:30.667422Z"}, {"uuid": "d2ce29f9-48db-4828-995b-fa46ac342a2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57874", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": 
"c66f327d-48df-48d0-bca1-89980dda7d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57876", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1319", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57876\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Fix resetting msg rx state after topology removal\n\nIf the MST topology is removed during the reception of an MST down reply\nor MST up request sideband message, the\ndrm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset\nfrom one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with\nthe reading/parsing of the message from another thread via\ndrm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The race is\npossible since the reader/parser doesn't hold any lock while accessing\nthe reception state. This in turn can lead to a memory corruption in the\nreader/parser as described by commit bd2fccac61b4 (\"drm/dp_mst: Fix MST\nsideband message body length check\").\n\nFix the above by resetting the message reception state if needed before\nreading/parsing a message. Another solution would be to hold the\ndrm_dp_mst_topology_mgr::lock for the whole duration of the message\nreception/parsing in drm_dp_mst_handle_down_rep() and\ndrm_dp_mst_handle_up_req(), however this would require a bigger change.\nSince the fix is also needed for stable, opting for the simpler solution\nin this patch.\n\ud83d\udccf Published: 2025-01-11T14:49:02.550Z\n\ud83d\udccf Modified: 2025-01-11T14:49:02.550Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/94b33b2d7640e807869451384eb88321dd0ffbd4\n2. https://git.kernel.org/stable/c/d834d20d2e86c52ed5cab41763fa61e6071680ef\n3. 
https://git.kernel.org/stable/c/be826b4451fd187a7c0b04be4f8243d5df6e0450\n4. https://git.kernel.org/stable/c/a6fa67d26de385c3c7a23c1e109a0e23bfda4ec7", "creation_timestamp": "2025-01-11T15:04:34.000000Z"}, {"uuid": "43ac490a-44fd-4af4-a060-d697993ed7df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-57876", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "69e14c82-3f8e-4c58-a4e8-6e37fcbf25df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-57872", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "e2b01dc9-90a5-4ebc-a558-5239e06c6b2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-57875", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "34f1f062-d0fa-491c-be97-68190e1a9563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-57875", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "731e14dc-e0c5-4af8-b885-2ceaf6425c93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-57872", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", 
"creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "482f881d-5edc-42ed-807b-1beada7db353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57878", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1317", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57878\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\narm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR\n\nCurrently fpmr_set() doesn't initialize the temporary 'fpmr' variable,\nand a SETREGSET call with a length of zero will leave this\nuninitialized. Consequently an arbitrary value will be written back to\ntarget->thread.uw.fpmr, potentially leaking up to 64 bits of memory from\nthe kernel stack. The read is limited to a specific slot on the stack,\nand the issue does not provide a write mechanism.\n\nFix this by initializing the temporary value before copying the regset\nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,\nNT_ARM_SYSTEM_CALL). 
In the case of a zero-length write, the existing\ncontents of FPMR will be retained.\n\nBefore this patch:\n\n| # ./fpmr-test\n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n|\n| Attempting to write NT_ARM_FPMR (zero length)\n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0xffff800083963d50\n\nAfter this patch:\n\n| # ./fpmr-test\n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n|\n| Attempting to write NT_ARM_FPMR (zero length)\n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n\ud83d\udccf Published: 2025-01-11T14:49:04.088Z\n\ud83d\udccf Modified: 2025-01-11T14:49:04.088Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/8ab73c34e3c5b580721696665eabd799346bc50b\n2. 
https://git.kernel.org/stable/c/f5d71291841aecfe5d8435da2dfa7f58ccd18bc8", "creation_timestamp": "2025-01-11T15:04:27.000000Z"}, {"uuid": "137db207-de43-411f-90a1-14839df9dfa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57874", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1321", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57874\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\narm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL\n\nCurrently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl'\nvariable, and a SETREGSET call with a length of zero will leave this\nuninitialized. Consequently tagged_addr_ctrl_set() will consume an\narbitrary value, potentially leaking up to 64 bits of memory from the\nkernel stack. The read is limited to a specific slot on the stack, and\nthe issue does not provide a write mechanism.\n\nAs set_tagged_addr_ctrl() only accepts values where bits [63:4] zero and\nrejects other values, a partial SETREGSET attempt will randomly succeed\nor fail depending on the value of the uninitialized value, and the\nexposure is significantly limited.\n\nFix this by initializing the temporary value before copying the regset\nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,\nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing\nvalue of the tagged address ctrl will be retained.\n\nThe NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the\nuser_aarch64_view used by a native AArch64 task to manipulate another\nnative AArch64 task. As get_tagged_addr_ctrl() only returns an error\nvalue when called for a compat task, tagged_addr_ctrl_get() and\ntagged_addr_ctrl_set() should never observe an error value from\nget_tagged_addr_ctrl(). 
Add a WARN_ON_ONCE() to both to indicate that\nsuch an error would be unexpected, and error handling is not missing in\neither case.\n\ud83d\udccf Published: 2025-01-11T14:47:10.665Z\n\ud83d\udccf Modified: 2025-01-11T14:47:10.665Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/1152dd13845efde5554f80c7e1233bae1d26bd3e\n2. https://git.kernel.org/stable/c/1c176f5155ee6161fee6f416b64aa50394d3f220\n3. https://git.kernel.org/stable/c/1370cf3eb5495d70e00547598583a4cd45b40b99\n4. https://git.kernel.org/stable/c/96035c0093db258975b8887676afe59a64c34a72\n5. https://git.kernel.org/stable/c/abd614bbfcee73247495bd9472da8f85ac83546e\n6. https://git.kernel.org/stable/c/ca62d90085f4af36de745883faab9f8a7cbb45d3", "creation_timestamp": "2025-01-11T15:04:50.000000Z"}, {"uuid": "51fa1688-4cc0-4d41-864a-18ea05023696", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57875", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1320", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57875\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nblock: RCU protect disk->conv_zones_bitmap\n\nEnsure that a disk revalidation changing the conventional zones bitmap\nof a disk does not cause invalid memory references when using the\ndisk_zone_is_conv() helper by RCU protecting the disk->conv_zones_bitmap\npointer.\n\ndisk_zone_is_conv() is modified to operate under the RCU read lock and\nthe function disk_set_conv_zones_bitmap() is added to update a disk\nconv_zones_bitmap pointer using rcu_replace_pointer() with the disk\nzone_wplugs_lock spinlock held.\n\ndisk_free_zone_resources() is modified to call\ndisk_update_zone_resources() with a NULL bitmap pointer to free the disk\nconv_zones_bitmap. 
disk_set_conv_zones_bitmap() is also used in\ndisk_update_zone_resources() to set the new (revalidated) bitmap and\nfree the old one.\n\ud83d\udccf Published: 2025-01-11T14:49:01.655Z\n\ud83d\udccf Modified: 2025-01-11T14:49:01.655Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/493326c4f10cc71a42c27fdc97ce112182ee4cbc\n2. https://git.kernel.org/stable/c/d7cb6d7414ea1b33536fa6d11805cb8dceec1f97", "creation_timestamp": "2025-01-11T15:04:37.000000Z"}, {"uuid": "7045e949-fbae-4ac5-bcdd-e392907b7f3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57872", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1327", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57872\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()\n\nThis will ensure that the scsi host is cleaned up properly using\nscsi_host_dev_release(). Otherwise, it may lead to memory leaks.\n\ud83d\udccf Published: 2025-01-11T14:31:00.610Z\n\ud83d\udccf Modified: 2025-01-11T14:31:00.610Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/cd188519d2467ab4c2141587b0551ba030abff0e\n2. https://git.kernel.org/stable/c/897df60c16d54ad515a3d0887edab5c63da06d1f", "creation_timestamp": "2025-01-11T15:05:16.000000Z"}, {"uuid": "516b96cd-f55d-49ab-870a-16b39a6ebce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57872", "type": "seen", "source": "https://t.me/cvedetector/15097", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57872 - \"ufs UFS Dellocate HBA Memory Leak Vulnerability in SCSI Linux Kernel\"\", \n  \"Content\": \"CVE ID : CVE-2024-57872 \nPublished : Jan. 
11, 2025, 3:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nscsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()  \n  \nThis will ensure that the scsi host is cleaned up properly using  \nscsi_host_dev_release(). Otherwise, it may lead to memory leaks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T17:26:47.000000Z"}, {"uuid": "7622dfe9-a8e7-4820-9012-43a1a6abe3bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57877", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1318", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57877\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\narm64: ptrace: fix partial SETREGSET for NT_ARM_POE\n\nCurrently poe_set() doesn't initialize the temporary 'ctrl' variable,\nand a SETREGSET call with a length of zero will leave this\nuninitialized. Consequently an arbitrary value will be written back to\ntarget->thread.por_el0, potentially leaking up to 64 bits of memory from\nthe kernel stack. The read is limited to a specific slot on the stack,\nand the issue does not provide a write mechanism.\n\nFix this by initializing the temporary value before copying the regset\nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,\nNT_ARM_SYSTEM_CALL). 
In the case of a zero-length write, the existing\ncontents of POR_EL1 will be retained.\n\nBefore this patch:\n\n| # ./poe-test\n| Attempting to write NT_ARM_POE::por_el0 = 0x900d900d900d900d\n| SETREGSET(nt=0x40f, len=8) wrote 8 bytes\n|\n| Attempting to read NT_ARM_POE::por_el0\n| GETREGSET(nt=0x40f, len=8) read 8 bytes\n| Read NT_ARM_POE::por_el0 = 0x900d900d900d900d\n|\n| Attempting to write NT_ARM_POE (zero length)\n| SETREGSET(nt=0x40f, len=0) wrote 0 bytes\n|\n| Attempting to read NT_ARM_POE::por_el0\n| GETREGSET(nt=0x40f, len=8) read 8 bytes\n| Read NT_ARM_POE::por_el0 = 0xffff8000839c3d50\n\nAfter this patch:\n\n| # ./poe-test\n| Attempting to write NT_ARM_POE::por_el0 = 0x900d900d900d900d\n| SETREGSET(nt=0x40f, len=8) wrote 8 bytes\n|\n| Attempting to read NT_ARM_POE::por_el0\n| GETREGSET(nt=0x40f, len=8) read 8 bytes\n| Read NT_ARM_POE::por_el0 = 0x900d900d900d900d\n|\n| Attempting to write NT_ARM_POE (zero length)\n| SETREGSET(nt=0x40f, len=0) wrote 0 bytes\n|\n| Attempting to read NT_ARM_POE::por_el0\n| GETREGSET(nt=0x40f, len=8) read 8 bytes\n| Read NT_ARM_POE::por_el0 = 0x900d900d900d900d\n\ud83d\udccf Published: 2025-01-11T14:49:03.297Z\n\ud83d\udccf Modified: 2025-01-11T14:49:03.297Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4105dd76bc8ad6529d47157ef0565cb84ca6676c\n2. https://git.kernel.org/stable/c/594bfc4947c4fcabba1318d8384c61a29a6b89fb", "creation_timestamp": "2025-01-11T15:04:31.000000Z"}, {"uuid": "e05cd1ae-10a6-47b2-8382-459e813ef844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57875", "type": "seen", "source": "https://t.me/cvedetector/15094", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57875 - Linux kernel Drupal Uninitialized Pointer\", \n  \"Content\": \"CVE ID : CVE-2024-57875 \nPublished : Jan. 11, 2025, 3:15 p.m. 
| 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nblock: RCU protect disk->conv_zones_bitmap  \n  \nEnsure that a disk revalidation changing the conventional zones bitmap  \nof a disk does not cause invalid memory references when using the  \ndisk_zone_is_conv() helper by RCU protecting the disk->conv_zones_bitmap  \npointer.  \n  \ndisk_zone_is_conv() is modified to operate under the RCU read lock and  \nthe function disk_set_conv_zones_bitmap() is added to update a disk  \nconv_zones_bitmap pointer using rcu_replace_pointer() with the disk  \nzone_wplugs_lock spinlock held.  \n  \ndisk_free_zone_resources() is modified to call  \ndisk_update_zone_resources() with a NULL bitmap pointer to free the disk  \nconv_zones_bitmap. disk_set_conv_zones_bitmap() is also used in  \ndisk_update_zone_resources() to set the new (revalidated) bitmap and  \nfree the old one. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T17:26:42.000000Z"}, {"uuid": "2df216b9-c54a-4ded-a5f7-a107ecbb9e89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57874", "type": "seen", "source": "https://t.me/cvedetector/15093", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57874 - Linux Kernel Arm64 CPU Address Control Information Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-57874 \nPublished : Jan. 11, 2025, 3:15 p.m. 
| 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \narm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL  \n  \nCurrently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl'  \nvariable, and a SETREGSET call with a length of zero will leave this  \nuninitialized. Consequently tagged_addr_ctrl_set() will consume an  \narbitrary value, potentially leaking up to 64 bits of memory from the  \nkernel stack. The read is limited to a specific slot on the stack, and  \nthe issue does not provide a write mechanism.  \n  \nAs set_tagged_addr_ctrl() only accepts values where bits [63:4] zero and  \nrejects other values, a partial SETREGSET attempt will randomly succeed  \nor fail depending on the value of the uninitialized value, and the  \nexposure is significantly limited.  \n  \nFix this by initializing the temporary value before copying the regset  \nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,  \nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing  \nvalue of the tagged address ctrl will be retained.  \n  \nThe NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the  \nuser_aarch64_view used by a native AArch64 task to manipulate another  \nnative AArch64 task. As get_tagged_addr_ctrl() only returns an error  \nvalue when called for a compat task, tagged_addr_ctrl_get() and  \ntagged_addr_ctrl_set() should never observe an error value from  \nget_tagged_addr_ctrl(). Add a WARN_ON_ONCE() to both to indicate that  \nsuch an error would be unexpected, and error handling is not missing in  \neither case. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T17:26:41.000000Z"}, {"uuid": "31f63c6d-86d9-4e66-9882-3b25f1aa3c9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57876", "type": "seen", "source": "https://t.me/cvedetector/15095", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57876 - Linux Kernel DRM DP MST Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-57876 \nPublished : Jan. 11, 2025, 3:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/dp_mst: Fix resetting msg rx state after topology removal  \n  \nIf the MST topology is removed during the reception of an MST down reply  \nor MST up request sideband message, the  \ndrm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset  \nfrom one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with  \nthe reading/parsing of the message from another thread via  \ndrm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The race is  \npossible since the reader/parser doesn't hold any lock while accessing  \nthe reception state. This in turn can lead to a memory corruption in the  \nreader/parser as described by commit bd2fccac61b4 (\"drm/dp_mst: Fix MST  \nsideband message body length check\").  \n  \nFix the above by resetting the message reception state if needed before  \nreading/parsing a message. Another solution would be to hold the  \ndrm_dp_mst_topology_mgr::lock for the whole duration of the message  \nreception/parsing in drm_dp_mst_handle_down_rep() and  \ndrm_dp_mst_handle_up_req(), however this would require a bigger change.  
\nSince the fix is also needed for stable, opting for the simpler solution  \nin this patch. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T17:26:43.000000Z"}, {"uuid": "d1b32453-170c-43c5-abbb-b20238747800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57879", "type": "seen", "source": "https://t.me/cvedetector/15087", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57879 - Qualcomm Bluetooth Linux Module - Resource Leaking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-57879 \nPublished : Jan. 11, 2025, 3:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nBluetooth: iso: Always release hdev at the end of iso_listen_bis  \n  \nSince hci_get_route holds the device before returning, the hdev  \nshould be released with hci_dev_put at the end of iso_listen_bis  \neven if the function returns with an error. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T17:26:33.000000Z"}, {"uuid": "e0acdd48-caa9-46a8-b52c-6fc90f0611b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57878", "type": "seen", "source": "https://t.me/cvedetector/15086", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57878 - Linux Kernel Arm64 Ptrace FPMR Initialization Leak\", \n  \"Content\": \"CVE ID : CVE-2024-57878 \nPublished : Jan. 
11, 2025, 3:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \narm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR  \n  \nCurrently fpmr_set() doesn't initialize the temporary 'fpmr' variable,  \nand a SETREGSET call with a length of zero will leave this  \nuninitialized. Consequently an arbitrary value will be written back to  \ntarget->thread.uw.fpmr, potentially leaking up to 64 bits of memory from  \nthe kernel stack. The read is limited to a specific slot on the stack,  \nand the issue does not provide a write mechanism.  \n  \nFix this by initializing the temporary value before copying the regset  \nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,  \nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing  \ncontents of FPMR will be retained.  \n  \nBefore this patch:  \n  \n| # ./fpmr-test  \n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n|  \n| Attempting to write NT_ARM_FPMR (zero length)  \n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0xffff800083963d50  \n  \nAfter this patch:  \n  \n| # ./fpmr-test  \n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n|  \n| Attempting to write NT_ARM_FPMR (zero length)  \n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d \nSeverity: 0.0 | NA \nVisit the link for more 
details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T17:26:32.000000Z"}, {"uuid": "b6821faa-23fa-42d6-8808-634c8cf40d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57877", "type": "seen", "source": "https://t.me/cvedetector/15085", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57877 - Linux Kernel arm64: ptrace: POR_EL0 Information Leak\", \n  \"Content\": \"CVE ID : CVE-2024-57877 \nPublished : Jan. 11, 2025, 3:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \narm64: ptrace: fix partial SETREGSET for NT_ARM_POE  \n  \nCurrently poe_set() doesn't initialize the temporary 'ctrl' variable,  \nand a SETREGSET call with a length of zero will leave this  \nuninitialized. Consequently an arbitrary value will be written back to  \ntarget->thread.por_el0, potentially leaking up to 64 bits of memory from  \nthe kernel stack. The read is limited to a specific slot on the stack,  \nand the issue does not provide a write mechanism.  \n  \nFix this by initializing the temporary value before copying the regset  \nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,  \nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing  \ncontents of POR_EL1 will be retained.  
\n  \nBefore this patch:  \n  \n| # ./poe-test  \n| Attempting to write NT_ARM_POE::por_el0 = 0x900d900d900d900d  \n| SETREGSET(nt=0x40f, len=8) wrote 8 bytes  \n|  \n| Attempting to read NT_ARM_POE::por_el0  \n| GETREGSET(nt=0x40f, len=8) read 8 bytes  \n| Read NT_ARM_POE::por_el0 = 0x900d900d900d900d  \n|  \n| Attempting to write NT_ARM_POE (zero length)  \n| SETREGSET(nt=0x40f, len=0) wrote 0 bytes  \n|  \n| Attempting to read NT_ARM_POE::por_el0  \n| GETREGSET(nt=0x40f, len=8) read 8 bytes  \n| Read NT_ARM_POE::por_el0 = 0xffff8000839c3d50  \n  \nAfter this patch:  \n  \n| # ./poe-test  \n| Attempting to write NT_ARM_POE::por_el0 = 0x900d900d900d900d  \n| SETREGSET(nt=0x40f, len=8) wrote 8 bytes  \n|  \n| Attempting to read NT_ARM_POE::por_el0  \n| GETREGSET(nt=0x40f, len=8) read 8 bytes  \n| Read NT_ARM_POE::por_el0 = 0x900d900d900d900d  \n|  \n| Attempting to write NT_ARM_POE (zero length)  \n| SETREGSET(nt=0x40f, len=0) wrote 0 bytes  \n|  \n| Attempting to read NT_ARM_POE::por_el0  \n| GETREGSET(nt=0x40f, len=8) read 8 bytes  \n| Read NT_ARM_POE::por_el0 = 0x900d900d900d900d \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T17:26:28.000000Z"}]}