{"vulnerability": "cve-2024-5809", "sightings": [{"uuid": "533fafed-af3f-46e1-9f04-986626ee50c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58098", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3logrd7ubfp2w", "content": "", "creation_timestamp": "2025-05-05T16:16:27.603595Z"}, {"uuid": "3b086a72-4196-42ac-a891-2ccd6d242d0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58096", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "d2d30c84-034b-48c2-89a7-58ceb47dcb2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58094", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "95a2def4-8a2e-4b2f-a848-5a15fe5dde37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58095", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "237c2a4a-056f-4917-9417-4ac64588c92e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58097", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "ad6e4736-ff1a-4d8b-9f48-149af0706ed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58098", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "9ac1aa3a-6355-41d5-b283-908cb9309c7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-58094", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "2c234409-683c-40a1-a5bc-5d13f0d3d5d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-58093", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "bd320a73-3bbb-433a-8393-ced98ef50242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-58095", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "433e5e63-7154-4730-ba43-59ebafa961c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58099", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13799", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58099\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame\n\nAndrew and Nikolay reported connectivity issues with Cilium's service\nload-balancing in case of vmxnet3.\n\nIf a BPF program for native XDP adds an encapsulation header such as\nIPIP and transmits the packet out the same interface, then in case\nof vmxnet3 a corrupted packet is being sent and subsequently dropped\non the path.\n\nvmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp()\nthrough vmxnet3_xdp_xmit_back() calculates an incorrect DMA address:\n\n  page = virt_to_page(xdpf-&gt;data);\n  tbi-&gt;dma_addr = page_pool_get_dma_addr(page) +\n                  VMXNET3_XDP_HEADROOM;\n  dma_sync_single_for_device(&amp;adapter-&gt;pdev-&gt;dev,\n                             tbi-&gt;dma_addr, buf_size,\n                             DMA_TO_DEVICE);\n\nThe above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP\nBPF program could have moved xdp-&gt;data. While the passed buf_size is\ncorrect (xdpf-&gt;len), the dma_addr needs to have a dynamic offset which\ncan be calculated as xdpf-&gt;data - (void *)xdpf, that is, xdp-&gt;data -\nxdp-&gt;data_hard_start.\n\ud83d\udccf Published: 2025-04-29T11:45:30.997Z\n\ud83d\udccf Modified: 2025-04-29T11:45:30.997Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/59ba6cdadb9c26b606a365eb9c9b25eb2052622d\n2. https://git.kernel.org/stable/c/f82eb34fb59a8fb96c19f4f492c20eb774140bb5\n3. https://git.kernel.org/stable/c/4678adf94da4a9e9683817b246b58ce15fb81782", "creation_timestamp": "2025-04-29T12:12:30.000000Z"}, {"uuid": "a70bd397-a2cf-4092-86f3-403b665baba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58092", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12006", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58092\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix legacy client tracking initialization\n\nGet rid of the nfsd4_legacy_tracking_ops-&gt;init() call in\ncheck_for_legacy_methods().  That will be handled in the caller\n(nfsd4_client_tracking_init()).  Otherwise, we'll wind up calling\nnfsd4_legacy_tracking_ops-&gt;init() twice, and the second time we'll\ntrigger the BUG_ON() in nfsd4_init_recdir().\n\ud83d\udccf Published: 2025-04-16T10:24:53.056Z\n\ud83d\udccf Modified: 2025-04-16T10:24:53.056Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/95407304253a4bf03494d921c6913e220c26cc63\n2. https://git.kernel.org/stable/c/cdd66082b227eb695cbf54b7c121ea032e869981\n3. https://git.kernel.org/stable/c/de71d4e211eddb670b285a0ea477a299601ce1ca", "creation_timestamp": "2025-04-16T10:55:49.000000Z"}, {"uuid": "e26ec0be-65c1-4a91-a237-a0e3571d9eb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58091", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14782", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58091\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fbdev-dma: Add shadow buffering for deferred I/O\n\nDMA areas are not necessarily backed by struct page, so we cannot\nrely on it for deferred I/O. Allocate a shadow buffer for drivers\nthat require deferred I/O and use it as framebuffer memory.\n\nFixes driver errors about being \"Unable to handle kernel NULL pointer\ndereference at virtual address\" or \"Unable to handle kernel paging\nrequest at virtual address\".\n\nThe patch splits drm_fbdev_dma_driver_fbdev_probe() in an initial\nallocation, which creates the DMA-backed buffer object, and a tail\nthat sets up the fbdev data structures. There is a tail function for\ndirect memory mappings and a tail function for deferred I/O with\nthe shadow buffer.\n\nIt is no longer possible to use deferred I/O without shadow buffer.\nIt can be re-added if there exists a reliably test for usable struct\npage in the allocated DMA-backed buffer object.\n\ud83d\udccf Published: 2025-03-27T14:57:03.560Z\n\ud83d\udccf Modified: 2025-05-04T10:09:52.646Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/cdc581169942de3b9e2648cfbd98c5ff9111c2c8\n2. https://git.kernel.org/stable/c/3603996432997f7c88da37a97062a46cda01ac9d", "creation_timestamp": "2025-05-04T11:19:00.000000Z"}, {"uuid": "46dfa9a3-4f1a-4747-bbaa-414ab4425ac2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58096", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14778", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58096\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: add srng-&gt;lock for ath11k_hal_srng_* in monitor mode\n\nath11k_hal_srng_* should be used with srng-&gt;lock to protect srng data.\n\nFor ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),\nthey use ath11k_hal_srng_* for many times but never call srng-&gt;lock.\n\nSo when running (full) monitor mode, warning will occur:\nRIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\nCall Trace:\n ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\n ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]\n ? idr_alloc_u32+0x97/0xd0\n ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]\n ath11k_dp_service_srng+0x289/0x5a0 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]\n __napi_poll+0x30/0x1f0\n net_rx_action+0x198/0x320\n __do_softirq+0xdd/0x319\n\nSo add srng-&gt;lock for them to avoid such warnings.\n\nInorder to fetch the srng-&gt;lock, should change srng's definition from\n'void' to 'struct hal_srng'. And initialize them elsewhere to prevent\none line of code from being too long. This is consistent with other ring\nprocess functions, such as ath11k_dp_process_rx().\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1\n\ud83d\udccf Published: 2025-04-16T14:11:44.587Z\n\ud83d\udccf Modified: 2025-05-04T10:10:00.444Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/b85758e76b6452740fc2a08ced6759af64c0d59a\n2. https://git.kernel.org/stable/c/63b7af49496d0e32f7a748b6af3361ec138b1bd3", "creation_timestamp": "2025-05-04T11:18:55.000000Z"}, {"uuid": "90d9d1b3-471c-4291-9f3d-554abc738210", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58097", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14777", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58097\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1\n\ud83d\udccf Published: 2025-04-16T14:11:45.330Z\n\ud83d\udccf Modified: 2025-05-04T10:10:01.732Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378\n2. https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d", "creation_timestamp": "2025-05-04T11:18:54.000000Z"}, {"uuid": "3dd4be94-337e-4e3e-9c99-1ffe56c2f874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58093", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14781", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58093\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink-&gt;downstream would point to free'd memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]\n\ud83d\udccf Published: 2025-04-16T14:11:42.682Z\n\ud83d\udccf Modified: 2025-05-04T10:09:55.686Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/cbf937dcadfd571a434f8074d057b32cd14fbea5", "creation_timestamp": "2025-05-04T11:18:59.000000Z"}, {"uuid": "726fa625-4e87-4946-b963-930f1770ea6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58094", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14780", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58094\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before truncation in jfs_truncate_nolock()\n\nAdded a check for \"read-only\" mode in the `jfs_truncate_nolock`\nfunction to avoid errors related to writing to a read-only\nfilesystem.\n\nCall stack:\n\nblock_write_begin() {\n  jfs_write_failed() {\n    jfs_truncate() {\n      jfs_truncate_nolock() {\n        txEnd() {\n          ...\n          log = JFS_SBI(tblk-&gt;sb)-&gt;log;\n          // (log == NULL)\n\nIf the `isReadOnly(ip)` condition is triggered in\n`jfs_truncate_nolock`, the function execution will stop, and no\nfurther data modification will occur. Instead, the `xtTruncate`\nfunction will be called with the \"COMMIT_WMAP\" flag, preventing\nmodifications in \"read-only\" mode.\n\ud83d\udccf Published: 2025-04-16T14:11:43.298Z\n\ud83d\udccf Modified: 2025-05-04T10:09:57.136Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/f605bc3e162f5c6faa9bd3602ce496053d06a4bb\n2. https://git.kernel.org/stable/c/b5799dd77054c1ec49b0088b006c9908e256843b", "creation_timestamp": "2025-05-04T11:18:58.000000Z"}, {"uuid": "160eb3b4-0d7a-440f-913f-1c793b779c7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58095", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14779", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58095\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before txBeginAnon() call\n\nAdded a read-only check before calling `txBeginAnon` in `extAlloc`\nand `extRecord`. This prevents modification attempts on a read-only\nmounted filesystem, avoiding potential errors or crashes.\n\nCall trace:\n txBeginAnon+0xac/0x154\n extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78\n jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248\n __block_write_begin_int+0x580/0x166c fs/buffer.c:2128\n __block_write_begin fs/buffer.c:2177 [inline]\n block_write_begin+0x98/0x11c fs/buffer.c:2236\n jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299\n\ud83d\udccf Published: 2025-04-16T14:11:43.934Z\n\ud83d\udccf Modified: 2025-05-04T10:09:58.509Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/15469c408af2d7a52fb186a92f2f091b0f13b1fb\n2. https://git.kernel.org/stable/c/0176e69743ecc02961f2ae1ea42439cd2bf9ed58", "creation_timestamp": "2025-05-04T11:18:56.000000Z"}, {"uuid": "c972e6b8-2d46-444e-93bf-403a5edfd9fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58098", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15705", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58098\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: track changes_pkt_data property for global functions\n\nWhen processing calls to certain helpers, verifier invalidates all\npacket pointers in a current state. For example, consider the\nfollowing program:\n\n    __attribute__((__noinline__))\n    long skb_pull_data(struct __sk_buff *sk, __u32 len)\n    {\n        return bpf_skb_pull_data(sk, len);\n    }\n\n    SEC(\"tc\")\n    int test_invalidate_checks(struct __sk_buff *sk)\n    {\n        int *p = (void *)(long)sk-&gt;data;\n        if ((void *)(p + 1) &gt; (void *)(long)sk-&gt;data_end) return TCX_DROP;\n        skb_pull_data(sk, 0);\n        *p = 42;\n        return TCX_PASS;\n    }\n\nAfter a call to bpf_skb_pull_data() the pointer 'p' can't be used\nsafely. See function filter.c:bpf_helper_changes_pkt_data() for a list\nof such helpers.\n\nAt the moment verifier invalidates packet pointers when processing\nhelper function calls, and does not traverse global sub-programs when\nprocessing calls to global sub-programs. This means that calls to\nhelpers done from global sub-programs do not invalidate pointers in\nthe caller state. E.g. the program above is unsafe, but is not\nrejected by verifier.\n\nThis commit fixes the omission by computing field\nbpf_subprog_info-&gt;changes_pkt_data for each sub-program before main\nverification pass.\nchanges_pkt_data should be set if:\n- subprogram calls helper for which bpf_helper_changes_pkt_data\n  returns true;\n- subprogram calls a global function,\n  for which bpf_subprog_info-&gt;changes_pkt_data should be set.\n\nThe verifier.c:check_cfg() pass is modified to compute this\ninformation. The commit relies on depth first instruction traversal\ndone by check_cfg() and absence of recursive function calls:\n- check_cfg() would eventually visit every call to subprogram S in a\n  state when S is fully explored;\n- when S is fully explored:\n  - every direct helper call within S is explored\n    (and thus changes_pkt_data is set if needed);\n  - every call to subprogram S1 called by S was visited with S1 fully\n    explored (and thus S inherits changes_pkt_data from S1).\n\nThe downside of such approach is that dead code elimination is not\ntaken into account: if a helper call inside global function is dead\nbecause of current configuration, verifier would conservatively assume\nthat the call occurs for the purpose of the changes_pkt_data\ncomputation.\n\ud83d\udccf Published: 2025-05-05T14:53:32.417Z\n\ud83d\udccf Modified: 2025-05-09T08:06:08.048Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/79751e9227a5910c0e5a2c7186877d91821d957d\n2. https://git.kernel.org/stable/c/1d572c60488b52882b719ed273767ee3b280413d\n3. https://git.kernel.org/stable/c/51081a3f25c742da5a659d7fc6fd77ebfdd555be", "creation_timestamp": "2025-05-09T08:25:25.000000Z"}, {"uuid": "110815e0-d952-4e01-893e-f104b86d3068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58099", "type": "seen", "source": "https://t.me/cvedetector/23990", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-58099 - \"VMXNET3 DMA Address Calculation Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-58099 \nPublished : April 29, 2025, 12:15 p.m. | 17\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nvmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame  \n  \nAndrew and Nikolay reported connectivity issues with Cilium's service  \nload-balancing in case of vmxnet3.  \n  \nIf a BPF program for native XDP adds an encapsulation header such as  \nIPIP and transmits the packet out the same interface, then in case  \nof vmxnet3 a corrupted packet is being sent and subsequently dropped  \non the path.  \n  \nvmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp()  \nthrough vmxnet3_xdp_xmit_back() calculates an incorrect DMA address:  \n  \n  page = virt_to_page(xdpf-&gt;data);  \n  tbi-&gt;dma_addr = page_pool_get_dma_addr(page) +  \n                  VMXNET3_XDP_HEADROOM;  \n  dma_sync_single_for_device(&amp;adapter-&gt;pdev-&gt;dev,  \n                             tbi-&gt;dma_addr, buf_size,  \n                             DMA_TO_DEVICE);  \n  \nThe above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP  \nBPF program could have moved xdp-&gt;data. While the passed buf_size is  \ncorrect (xdpf-&gt;len), the dma_addr needs to have a dynamic offset which  \ncan be calculated as xdpf-&gt;data - (void *)xdpf, that is, xdp-&gt;data -  \nxdp-&gt;data_hard_start. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T15:09:22.000000Z"}, {"uuid": "e9e3c0c3-86a5-46f8-af42-48d0ecd72a23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58092", "type": "seen", "source": "https://t.me/cvedetector/23070", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-58092 - Linux Kernel NFSd Double Initialization Double-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-58092 \nPublished : April 16, 2025, 11:15 a.m. | 14\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnfsd: fix legacy client tracking initialization  \n  \nGet rid of the nfsd4_legacy_tracking_ops-&gt;init() call in  \ncheck_for_legacy_methods().  That will be handled in the caller  \n(nfsd4_client_tracking_init()).  Otherwise, we'll wind up calling  \nnfsd4_legacy_tracking_ops-&gt;init() twice, and the second time we'll  \ntrigger the BUG_ON() in nfsd4_init_recdir(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T13:31:21.000000Z"}, {"uuid": "5bfb00ea-e385-4ec2-92eb-683a8effa381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5809", "type": "seen", "source": "https://t.me/cvedetector/1984", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5809 - \"WordPress Ajax Contact Form Reflected Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-5809 \nPublished : July 30, 2024, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T09:02:43.000000Z"}, {"uuid": "031ea53c-4321-42b8-8276-06a8f61b6201", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58096", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260602", "content": "", "creation_timestamp": "2026-06-01T18:00:00.000000Z"}, {"uuid": "116de49c-0016-4b14-9582-e5a9c8e78cc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58097", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260602", "content": "", "creation_timestamp": "2026-06-01T18:00:00.000000Z"}, {"uuid": "c65dac09-9ff1-475f-9bf9-e98ecc8be113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58096", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260702", "content": "", "creation_timestamp": "2026-07-09T00:45:51.608207Z"}, {"uuid": "14345b6d-36af-4303-8a78-fad006419138", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-58097", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260702", "content": "", "creation_timestamp": "2026-07-09T00:45:53.953637Z"}]}