{"vulnerability": "cve-2024-5800", "sightings": [{"uuid": "0c51d9b0-e422-4a35-aa09-33137169e9eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58005", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "31b6f11e-19f0-4acc-9335-f79908882595", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58005", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114074439452883259", "content": "", "creation_timestamp": "2025-02-27T06:30:09.368427Z"}, {"uuid": "e19f9c3a-dd62-446d-86f3-264659ec9fa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58002", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5668", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58002\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. 
Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.\n\ud83d\udccf Published: 2025-02-27T02:12:00.223Z\n\ud83d\udccf Modified: 2025-02-27T12:57:18.966Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4dbaa738c583a0e947803c69e8996e88cf98d971\n2. https://git.kernel.org/stable/c/438bda062b2c40ddd7df23b932e29ffe0a448cac\n3. https://git.kernel.org/stable/c/9edc7d25f7e49c33a1ce7a5ffadea2222065516c\n4. https://git.kernel.org/stable/c/221cd51efe4565501a3dbf04cc011b537dcce7fb", "creation_timestamp": "2025-02-27T13:27:34.000000Z"}, {"uuid": "e34dd748-3b5c-4fc9-9ebd-5226e18d7cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-58005", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "2d823197-fa22-43a8-af17-b9efa3b556f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58006", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14764", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58006\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() 
update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR's PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarify the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)\n\ud83d\udccf Published: 2025-02-27T02:12:02.932Z\n\ud83d\udccf Modified: 2025-05-04T10:08:15.420Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/b5cacfd067060c75088363ed3e19779078be2755\n2. https://git.kernel.org/stable/c/3229c15d6267de8e704b4085df8a82a5af2d63eb\n3. 
https://git.kernel.org/stable/c/3708acbd5f169ebafe1faa519cb28adc56295546", "creation_timestamp": "2025-05-04T10:18:02.000000Z"}, {"uuid": "ee99d8bf-8ea4-448e-b165-9089c70b84bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58003", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14765", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58003\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ds90ub9x3: Fix extra fwnode_handle_put()\n\nThe ub913 and ub953 drivers call fwnode_handle_put(priv->sd.fwnode) as\npart of their remove process, and if the driver is removed multiple\ntimes, eventually leads to put \"overflow\", possibly causing memory\ncorruption or crash.\n\nThe fwnode_handle_put() is a leftover from commit 905f88ccebb1 (\"media:\ni2c: ds90ub9x3: Fix sub-device matching\"), which changed the code\nrelated to the sd.fwnode, but missed removing these fwnode_handle_put()\ncalls.\n\ud83d\udccf Published: 2025-02-27T02:12:00.834Z\n\ud83d\udccf Modified: 2025-05-04T10:08:10.796Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/474d7baf91d37bc411fa60de5bbf03c9dd82e18a\n2. https://git.kernel.org/stable/c/f4e4373322f8d4c19721831f7fb989e52d30dab0\n3. https://git.kernel.org/stable/c/70743d6a8b256225675711e7983825f1be86062d\n4. 
https://git.kernel.org/stable/c/60b45ece41c5632a3a3274115a401cb244180646", "creation_timestamp": "2025-05-04T10:18:04.000000Z"}, {"uuid": "027d5441-2e81-4582-afb5-03d8bb88869f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58007", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14763", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58007\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It's always:\n\n  db410c:/sys/devices/soc0$ cat serial_number\n  2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it's\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.\n\ud83d\udccf Published: 2025-02-27T02:12:03.593Z\n\ud83d\udccf Modified: 2025-05-04T10:08:16.807Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/7445fa05317534bbd8b373c0eff8319187916030\n2. https://git.kernel.org/stable/c/2495c6598731b6d7f565140f2bd63ef4bc36ce7d\n3. https://git.kernel.org/stable/c/2d09d3c9afa2fc422ac3df7c9b8534f350ee19dd\n4. 
https://git.kernel.org/stable/c/9c88b3a3fae4d60641c3a45be66269d00eff33cd\n5. https://git.kernel.org/stable/c/47470acd719d45c4c8c418c07962f74cc995652b\n6. https://git.kernel.org/stable/c/407c928305c1a37232a63811c400ef616f85ccbc\n7. https://git.kernel.org/stable/c/0a92feddae0634a0b87c04b19d343f6af97af700\n8. https://git.kernel.org/stable/c/22cf4fae6660b6e1a583a41cbf84e3046ca9ccd0", "creation_timestamp": "2025-05-04T10:18:01.000000Z"}, {"uuid": "1562f419-abaa-4257-8e28-2badda854fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58008", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14762", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58008\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y\n\nWith vmalloc stack addresses enabled (CONFIG_VMAP_STACK=y) DCP trusted\nkeys can crash during en- and decryption of the blob encryption key via\nthe DCP crypto driver. This is caused by improperly using sg_init_one()\nwith vmalloc'd stack buffers (plain_key_blob).\n\nFix this by always using kmalloc() for buffers we give to the DCP crypto\ndriver.\n\ud83d\udccf Published: 2025-02-27T02:12:04.100Z\n\ud83d\udccf Modified: 2025-05-04T10:08:18.290Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/3192f1c54dddb9b5820bf5e8677809949d8e9c66\n2. https://git.kernel.org/stable/c/3355594de46fb1cba663f12b9644b664b8a609f4\n3. 
https://git.kernel.org/stable/c/e8d9fab39d1f87b52932646b2f1e7877aa3fc0f4", "creation_timestamp": "2025-05-04T10:18:00.000000Z"}, {"uuid": "8aee140f-69a6-4766-ab48-d558b00a61a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58009", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14761", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58009\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.\n\ud83d\udccf Published: 2025-02-27T02:12:04.637Z\n\ud83d\udccf Modified: 2025-05-04T10:08:19.816Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a9a7672fc1a0fe18502493936ccb06413ab89ea6\n2. https://git.kernel.org/stable/c/8e605f580a97530e5a3583beea458a3fa4cbefbd\n3. https://git.kernel.org/stable/c/cf601a24120c674cd7c907ea695f92617af6abd0\n4. https://git.kernel.org/stable/c/297ce7f544aa675b0d136d788cad0710cdfb0785\n5. https://git.kernel.org/stable/c/245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22\n6. 
https://git.kernel.org/stable/c/691218a50c3139f7f57ffa79fb89d932eda9571e\n7. https://git.kernel.org/stable/c/49c0d55d59662430f1829ae85b969619573d0fa1\n8. https://git.kernel.org/stable/c/5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1", "creation_timestamp": "2025-05-04T10:17:59.000000Z"}, {"uuid": "fff1f28d-175e-4db7-998f-ca990a5b5671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58000", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14768", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58000\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent reg-wait speculations\n\nWith *ENTER_EXT_ARG_REG instead of passing a user pointer with arguments\nfor the waiting loop the user can specify an offset into a pre-mapped\nregion of memory, in which case the\n[offset, offset + sizeof(io_uring_reg_wait)) will be interpreted as the\nargument.\n\nAs we address a kernel array using a user given index, it'd be a subject\nto speculation type of exploits. Use array_index_nospec() to prevent\nthat. Make sure to pass not the full region size but truncate by the\nmaximum offset allowed considering the structure size.\n\ud83d\udccf Published: 2025-02-27T02:07:19.155Z\n\ud83d\udccf Modified: 2025-05-04T10:08:06.384Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/2a6de94df7bfa76d9850443547e7b3333f63a16a\n2. 
https://git.kernel.org/stable/c/29b95ac917927ce9f95bf38797e16333ecb489b1", "creation_timestamp": "2025-05-04T10:18:06.000000Z"}, {"uuid": "96c5ff63-cc0e-4e87-8162-c82f796e28a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58001", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14767", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58001\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: handle a symlink read error correctly\n\nPatch series \"Convert ocfs2 to use folios\".\n\nMark did a conversion of ocfs2 to use folios and sent it to me as a\ngiant patch for review ;-)\n\nSo I've redone it as individual patches, and credited Mark for the patches\nwhere his code is substantially the same.  It's not a bad way to do it;\nhis patch had some bugs and my patches had some bugs.  Hopefully all our\nbugs were different from each other.  And hopefully Mark likes all the\nchanges I made to his code!\n\n\nThis patch (of 23):\n\nIf we can't read the buffer, be sure to unlock the page before returning.\n\ud83d\udccf Published: 2025-02-27T02:11:59.570Z\n\ud83d\udccf Modified: 2025-05-04T10:08:07.719Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/cd3e22b206189cbb4a94229002141e1529f83746\n2. https://git.kernel.org/stable/c/afa8003f8db62e46c4b171cbf4cec2824148b4f7\n3. https://git.kernel.org/stable/c/8aee4184c5b79e486598c15aa80687c77f6f6e6e\n4. https://git.kernel.org/stable/c/6e143eb4ab83c24e7ad3e3d8e7daa241d9c38377\n5. https://git.kernel.org/stable/c/b6833b38984d1e9f20dd80f9ec9050c10d687f30\n6. https://git.kernel.org/stable/c/52a326f93ceb9348264fddf7bab6e345db69e08c\n7. https://git.kernel.org/stable/c/5e3b3ec7c3cb5ba5629a766e4f0926db72cf0a1f\n8. 
https://git.kernel.org/stable/c/2b4c2094da6d84e69b843dd3317902e977bf64bd", "creation_timestamp": "2025-05-04T10:18:05.000000Z"}, {"uuid": "5269bd5e-21f5-4e90-82c6-d3a0d9312767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58002", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14766", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58002\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.\n\ud83d\udccf Published: 2025-02-27T02:12:00.223Z\n\ud83d\udccf Modified: 2025-05-04T10:08:09.163Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/2a29413ace64627e178fd422dd8a5d95219a2c0b\n2. https://git.kernel.org/stable/c/653993f46861f2971e95e9a0e36a34b49dec542c\n3. https://git.kernel.org/stable/c/117f7a2975baa4b7d702d3f4830d5a4ebd0c6d50\n4. https://git.kernel.org/stable/c/ac18d781466252cd35a3e311e0a4b264260fd927\n5. https://git.kernel.org/stable/c/4dbaa738c583a0e947803c69e8996e88cf98d971\n6. https://git.kernel.org/stable/c/438bda062b2c40ddd7df23b932e29ffe0a448cac\n7. https://git.kernel.org/stable/c/9edc7d25f7e49c33a1ce7a5ffadea2222065516c\n8. 
https://git.kernel.org/stable/c/221cd51efe4565501a3dbf04cc011b537dcce7fb", "creation_timestamp": "2025-05-04T10:18:05.000000Z"}, {"uuid": "71bff3c4-2c5f-4a81-9631-33d99edbfe82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58000", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5645", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58000\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent reg-wait speculations\n\nWith *ENTER_EXT_ARG_REG instead of passing a user pointer with arguments\nfor the waiting loop the user can specify an offset into a pre-mapped\nregion of memory, in which case the\n[offset, offset + sizeof(io_uring_reg_wait)) will be interpreted as the\nargument.\n\nAs we address a kernel array using a user given index, it'd be a subject\nto speculation type of exploits. Use array_index_nospec() to prevent\nthat. Make sure to pass not the full region size but truncate by the\nmaximum offset allowed considering the structure size.\n\ud83d\udccf Published: 2025-02-27T02:07:19.155Z\n\ud83d\udccf Modified: 2025-02-27T02:07:19.155Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/2a6de94df7bfa76d9850443547e7b3333f63a16a\n2. https://git.kernel.org/stable/c/29b95ac917927ce9f95bf38797e16333ecb489b1", "creation_timestamp": "2025-02-27T02:25:35.000000Z"}]}