cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-53104,https://securityvulnerability.io/vulnerability/CVE-2024-53104,Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format can lead to out of bounds writes,"A vulnerability within the Linux kernel's UVC video support can be exploited due to inadequate handling of undefined video frame types. Specifically, when parsing video formats, the omission of UVC_VS_UNDEFINED frames can result in calculating incorrect buffer sizes, potentially leading to unsafe out of bounds writes. This flaw emphasizes the importance of robust input validation and comprehensive format understanding to mitigate security risks associated with video streaming.",Linux,Linux,7.8,HIGH,0.0004400000034365803,false,,true,false,true,2025-02-04T05:08:54.000Z,,true,false,,2024-12-02T07:29:27.261Z,5623
CVE-2024-47666,https://securityvulnerability.io/vulnerability/CVE-2024-47666,scsi: pm80xx: Set phy->enable_completion only when we wait for it,"In the Linux kernel, the following vulnerability has been resolved:

scsi: pm80xx: Set phy->enable_completion only when we wait for it

pm8001_phy_control() populates the enable_completion pointer with a stack
address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and
returns. The problem arises when a phy control response comes late.  After
300 ms the pm8001_phy_control() function returns and the passed
enable_completion stack address is no longer valid. Late phy control
response invokes complete() on a dangling enable_completion pointer which
leads to a kernel crash.",Linux,Linux,5.5,MEDIUM,0.0004199999966658652,false,,true,false,true,2024-12-19T14:16:08.000Z,,false,false,,2024-10-09T15:15:00.000Z,0
CVE-2024-26925,https://securityvulnerability.io/vulnerability/CVE-2024-26925,Release Mutex After Nft_gc_seq_end from Abort Path,"The vulnerability CVE-2024-26925 affects the Linux kernel and involves the netfilter nf_tables. It allows for the release of mutex after nft_gc_seq_end from the abort path, potentially leading to the async GC worker collecting expired objects and obtaining the released commit lock within the same GC sequence. The vulnerability has been identified as exploited, but there is no information about ransomware groups leveraging it. The resolution for this vulnerability involves moving nf_tables_module_autoload() at the end of the abort phase after nft_gc_seq_end() is called.",Linux,Linux,,,0.0004400000034365803,false,,true,true,true,2024-12-19T14:15:40.000Z,,false,false,,2024-04-25T06:15:00.000Z,0
CVE-2024-26581,https://securityvulnerability.io/vulnerability/CVE-2024-26581,Skipping End Interval Elements in Lazy GC,"A vulnerability exists within the Linux kernel related to the Netfilter framework where the RBTree memory management system improperly handles the garbage collection of end interval elements during insert transactions. This issue arises when newly added end interval elements are incorrectly collected, leading to potential disruptions in network operations and stability. Proper handling of RBTree structures is essential to maintain the integrity of memory management in networking scenarios.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,true,false,true,2024-12-19T14:15:33.000Z,,false,false,,2024-02-20T12:52:57.398Z,0
CVE-2022-48656,https://securityvulnerability.io/vulnerability/CVE-2022-48656,Fix refcount leak bug in of_xudma_dev_get(),"A vulnerability exists in the Linux kernel's DMA engine, specifically concerning Texas Instruments' K3 UDMA private implementation. This issue arises from a reference count leak due to insufficient handling of the reference returned by of_parse_phandle(). The affected code does not properly release the resource when it is no longer in use or during failure paths, leading to potential resource mismanagement. Proper mitigation involves moving the call to of_node_put() earlier in the code flow to ensure that resources are released appropriately, thereby preventing leaks that could hinder system stability.",Linux,Linux,5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-10-22T14:58:24.000Z,true,false,false,,2024-04-28T13:01:04.974Z,0
CVE-2024-36971,https://securityvulnerability.io/vulnerability/CVE-2024-36971,Linux kernel: Fix for UAF vulnerability in __dst_negative_advice(),"A race condition vulnerability exists in the Linux kernel's handling of the socket's destination cache, specifically in the function __dst_negative_advice(). This flaw leads to a potential use-after-free (UAF) situation, as it does not adhere to the required Read-Copy-Update (RCU) protocol. The correct order of operations is vital: clearing the socket's destination cache (sk->sk_dst_cache) must occur before invoking dst_release on the old destination. While sk_dst_reset() implements this protocol correctly, the problematic function fails to do so. This oversight affects multiple methods related to negative advice, requiring them to perform sk_dst_reset() autonomously to ensure proper handling of the destination cache, especially in regard to the RTF_CACHE routing flag. The vulnerability was identified in the context of UDP sockets, which underscores its relevance in network communications.",Linux,Linux,7.8,HIGH,0.0010499999625608325,true,2024-08-07T00:00:00.000Z,true,false,true,2024-08-07T00:00:00.000Z,,true,false,,2024-06-10T09:03:23.878Z,3801
CVE-2024-28085,https://securityvulnerability.io/vulnerability/CVE-2024-28085,Escape Sequence Injection in util-linux Wall Affects User Terminals,"The highlighted vulnerability is CVE-2024-28085, which affects the ""wall"" command of the util-linux package on certain Linux distributions. It is a decade-old vulnerability that, if exploited, can lead to user password leaks and clipboard hijacking. The vulnerability arises from improperly filtered escape sequences in the command line arguments, allowing unprivileged users to interfere with terminals when specific criteria are met. CVE-2024-28085 can potentially lead to account takeovers and has been exploited on Ubuntu 22.04 and Debian Bookworm. Users are advised to update to util-linux version 2.40 to address the flaw, and security researchers have outlined potential exploitation scenarios and detailed how administrators can mitigate the risk.",util-linux,wall,,,0.0004600000102072954,false,,true,false,true,2024-06-10T23:15:14.000Z,true,false,false,,2024-03-27T00:00:00.000Z,0