cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-57881,https://securityvulnerability.io/vulnerability/CVE-2024-57881,Memory Management Flaw in Linux Kernel Affecting Sparse Memory Configuration,"A memory management vulnerability exists in the Linux kernel related to the handling of page frame numbers (PFNs) within the split_large_buddy() function. In certain scenarios, especially when freeing the highest pageblock in the last memory section with specific configuration settings enabled, the system may incorrectly call pfn_to_page() on a PFN that could potentially not exist. This can lead to null pointer dereference issues, posing risks to system stability and security. A code inspection revealed this flaw, prompting an immediate fix that skips unnecessary calls to pfn_to_page() when the page is already accessible. Users are advised to update to secure versions promptly.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T15:10:43.786Z,0
CVE-2024-57880,https://securityvulnerability.io/vulnerability/CVE-2024-57880,Buffer Overflow Vulnerability in Linux Kernel Affecting Intel ASoC Drivers,"A buffer overflow vulnerability exists in the Intel ASoC drivers within the Linux kernel. This issue arises due to improper handling of the DAIs array, leading to potential out-of-bounds access. Specifically, the code incorrectly assumes there is always an available slot in the array when assessing usage, resulting in an attempt to access a memory location past the allocated array bounds when the array is full. 
The fix involves expanding the array to include a terminator, preventing the possibility of accessing invalid memory and enhancing overall system integrity.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T15:05:28.763Z,0
CVE-2024-57879,https://securityvulnerability.io/vulnerability/CVE-2024-57879,Bluetooth Vulnerability in Linux Kernel Affecting Device Management,"A vulnerability has been identified in the Linux kernel's Bluetooth subsystem, specifically in the iso_listen_bis function. This issue arises from improper management of device resources, where the Bluetooth device handle (hdev) is not consistently released after handling an error. As a result, this could potentially lead to resource leaks, impacting device stability and performance. Users and administrators are advised to apply the latest updates to ensure the integrity and reliability of their systems.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T15:05:22.760Z,0
CVE-2024-57878,https://securityvulnerability.io/vulnerability/CVE-2024-57878,Linux Kernel Vulnerability in ARM Architecture Related to Ptrace Functionality,"A vulnerability in the Linux kernel's ARM architecture related to the ptrace function has been identified. The issue arises when the fpmr_set function fails to properly initialize a temporary variable, leading to a scenario where an arbitrary value can be written back to the target process's fpmr register. This can potentially leak up to 64 bits of sensitive memory from the kernel stack when a SETREGSET call with a zero length is executed. 
To mitigate this, the temporary value is now initialized correctly prior to any regset copying, ensuring that existing FPMR contents remain intact during zero-length writes.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T14:49:04.088Z,0
CVE-2024-57877,https://securityvulnerability.io/vulnerability/CVE-2024-57877,Memory Leak Vulnerability in Linux Kernel Affecting ARM64 Architecture,"A vulnerability in the ARM64 architecture of the Linux kernel could lead to a memory exposure due to improper initialization of a temporary variable during the SETREGSET calls. When a zero-length SETREGSET call is made, uninitialized memory could be written back to target registers, allowing sensitive data (up to 64 bits) to be leaked from the kernel stack. This issue has been addressed by ensuring the temporary variable is initialized before any data is copied from userspace, thus mitigating the potential for data leakage.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T14:49:03.297Z,0
CVE-2024-57876,https://securityvulnerability.io/vulnerability/CVE-2024-57876,Memory Corruption Risk in Linux Kernel due to MST Topology Management,"A race condition in the Linux kernel's handling of MST topology messages could lead to memory corruption. Specifically, during the removal of the MST topology, concurrent access and modification of message reception states without proper locking mechanisms could compromise the integrity of the data being parsed. 
The vulnerability is addressed by resetting the message reception state before reading or parsing messages, ensuring stable operation and preventing the potential for data corruption.",Linux,Linux,,,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-11T14:49:02.550Z,0
CVE-2024-57875,https://securityvulnerability.io/vulnerability/CVE-2024-57875,Memory Reference Vulnerability in Linux Kernel Affecting Disk Management,"A vulnerability in the Linux kernel relates to improper handling of disk revalidation processes. Specifically, it addresses the conventional zones bitmap of a disk, ensuring that changes do not lead to invalid memory references. Updates involve securing the disk->conv_zones_bitmap pointer with Read-Copy-Update (RCU) protection, allowing the disk_zone_is_conv() helper to operate under an RCU read lock. Moreover, the introduction of disk_set_conv_zones_bitmap() facilitates the safe update of the bitmap while accommodating potential changes without leading to resource mishandling. Key modifications include adjustments in disk_free_zone_resources() to ensure correct allocation and memory integrity, thereby enhancing the overall security posture of disk management operations within the Linux environment.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T14:49:01.655Z,0
CVE-2024-57874,https://securityvulnerability.io/vulnerability/CVE-2024-57874,Linux Kernel Vulnerability in ARM64 PTRACE Functionality,"A security vulnerability exists within the Linux kernel's ARM64 ptrace functionality where an uninitialized variable in the tagged_addr_ctrl_set() method can lead to unintended memory exposure. Specifically, a partial SETREGSET call with a length of zero can leak up to 64 bits of kernel stack memory. This vulnerability does not allow for a write operation, thus limiting the potential impact. 
Proper initialization of the temporary variable prior to the copying operation from userspace has been implemented in the fix, addressing the issue effectively while ensuring existing values are retained during zero-length writes.",Linux,Linux,,,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-11T14:47:10.665Z,0
CVE-2024-57872,https://securityvulnerability.io/vulnerability/CVE-2024-57872,Memory Leak Vulnerability in Linux Kernel Affecting Scsi Host Cleanup,"A vulnerability in the Linux kernel impacts the proper cleanup of scsi hosts during platform removal. Specifically, if the high-speed SCSI (scsi) host is not deallocated correctly during the ufshcd_pltfrm_remove() process, it can lead to memory leaks, adversely affecting system performance and stability. Relevant patches have been implemented to address this issue, ensuring that scsi_host_dev_release() is called to cleanly release resources.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T14:31:00.610Z,0
CVE-2024-57850,https://securityvulnerability.io/vulnerability/CVE-2024-57850,Memory Corruption Vulnerability in Linux Kernel's JFFS2 Component,"A memory corruption vulnerability exists in the JFFS2 decompression routine of the Linux kernel. The issue arises because the rtime decompression process lacks comprehensive bounds checking throughout the decompression phase. If compressed data is corrupted, this can lead to memory corruption beyond the intended decompression buffer, potentially resulting in unpredictable behavior or system crashes. 
A recent fix has been implemented to introduce necessary checks to prevent this security risk.",Linux,Linux,,,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-11T14:30:59.271Z,0
CVE-2024-57849,https://securityvulnerability.io/vulnerability/CVE-2024-57849,Linux Kernel CPU Hotplug Removal Vulnerability in s390 Products,"A vulnerability exists in the Linux kernel's handling of CPU hotplug operations within the s390 architecture. Specifically, when a CPU is hot-plugged off, the associated performance monitoring unit (PMU) deallocates sampling data buffers. However, if an event remains active on the removed CPU, the kernel's performance subsystem attempts to retrieve samples from buffers that may already have been freed. This could lead to a use-after-free scenario, potentially exposing invalid data. To mitigate this, there needs to be a check to ascertain whether the CPU remains in a reserved state. If the PMU_F_RESERVED bit is set, it indicates that the buffers are still valid; otherwise, they may be lost. Prompt application of the provided fixes is essential to ensure system integrity and performance.",Linux,Linux,,,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-11T14:30:58.365Z,0
CVE-2024-57843,https://securityvulnerability.io/vulnerability/CVE-2024-57843,Linux Kernel Vulnerability in virtio-net Affecting Various Distributions,"A vulnerability in the Linux kernel's virtio-net component may lead to instability in virtual machines, particularly when specific system configurations are in place. The issue arises when the size of the fragment exceeds the PAGE_SIZE while the request for a DMA buffer could potentially overflow. This flaw, introduced by a previous commit, was identified to cause reliable crashes and failures when transferring files using scp in a virtualized environment. 
The latest updates attempt to mitigate this problem by adjusting buffer lengths, aiming to stabilize VM operations and improve system reliability.",Linux,Linux,,,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-11T14:30:57.255Z,0
CVE-2024-57839,https://securityvulnerability.io/vulnerability/CVE-2024-57839,Readahead Handling Issue in Linux Kernel Affecting NFS Performance,"A recently identified problem in the Linux Kernel affects NFS performance tied to readahead operations. The issue arises when the system occasionally hangs due to a bug linked to readahead logic, particularly after the reversion of a specific commit. The reverting action aims to resolve unexpected behavior where readahead sizes become negative, causing instability and interruptions in system performance. While reverting introduces lower readahead throughput, it mitigates more severe system hangs, ensuring better stability until a more permanent solution can be engineered.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T14:30:56.149Z,0
CVE-2024-57838,https://securityvulnerability.io/vulnerability/CVE-2024-57838,Stack Depot Warnings Resolved in Linux Kernel for s390 Architecture,"A vulnerability in the Linux kernel's handling of IRQ entries on the s390 architecture has led to stack depot warnings due to inadequate filtering. The empty .irqentry.text section obstructs effective stack trace de-duplication, potentially resulting in stack depot limit capacity warnings when PREEMPT and KASAN are enabled. 
To address this, the fix involves relocating IO/EXT interrupt handlers from .kprobes.text into the .irqentry.text section, thus enhancing the system's ability to manage interrupts effectively without unnecessary overhead.",Linux,Linux,,,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-11T14:08:56.951Z,0
CVE-2024-57809,https://securityvulnerability.io/vulnerability/CVE-2024-57809,Suspension and Resume Support Flaw in NXP i.MX6QDL PCI Components,"The i.MX6QDL platform suffers from a critical flaw in its suspend/resume functionality, leading to potential system hangs and driver crashes when PCIe devices are connected. The issue, well-documented in NXP's errata, requires a patch that integrates suspend/resume sequences from other i.MX devices while preserving the integrity of critical registers. This ensures seamless operation of connected PCIe devices, preventing scenarios where devices become inaccessible upon resuming. If unaddressed, users may encounter persistent errors, particularly with drivers like ath10k and iwlwifi, resulting in significant operational delays and system instability.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T14:08:56.044Z,0
CVE-2024-57807,https://securityvulnerability.io/vulnerability/CVE-2024-57807,Deadlock Vulnerability in Linux Kernel SCSI Megaraid_sas Driver,"A deadlock vulnerability has been identified in the Linux kernel's SCSI megaraid_sas driver, where a possible circular locking dependency could lead to system instability. This occurs when two or more locking mechanisms are engaged in such a way that each is waiting for the other to release its lock, potentially causing a complete standstill in system operations. 
The recent fix addresses this issue by strategically releasing the reset_mutex temporarily to prevent the deadlock condition, thereby enhancing the overall resilience and performance of the SCSI subsystem.",Linux,Linux,,,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-11T12:39:53.645Z,0
CVE-2024-57806,https://securityvulnerability.io/vulnerability/CVE-2024-57806,Linux Kernel Vulnerability in Btrfs Related to Quota Configuration,"The Btrfs module in the Linux kernel has a vulnerability related to the enabling of simple quotas, which can lead to assertion failures due to improper transaction handling. When the simple quota feature is activated, the incompat bit should be set before committing the transaction to ensure that both flags are correctly persisted. Failure to do so may result in data integrity issues, particularly if the filesystem is unmounted before the transaction is fully secured. The vulnerability can be reproduced by initializing a Btrfs filesystem, enabling quotas, unmounting, and then remounting, which exposes the flaw in the flag management. This can have significant security implications, as it undermines the reliability of the quota system.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T12:39:52.628Z,0
CVE-2024-57805,https://securityvulnerability.io/vulnerability/CVE-2024-57805,Link DMA Release Issue in Intel ASoC Driver for Linux Kernel,"A vulnerability in the ASoC: SOF: Intel driver for the Linux kernel could allow a temporary mismanagement of link DMA resources. When a stream is stopped, the link DMA should remain allocated to prevent other streams from seizing it during a critical window. Failure to maintain this allocation can lead to unpredictable behavior, including firmware errors or system crashes, especially if another stream is initiated in quick succession. 
This issue may not occur under normal usage patterns but can be exploited under specific conditions.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T12:39:51.798Z,0
CVE-2024-57804,https://securityvulnerability.io/vulnerability/CVE-2024-57804,SAS Transport Vulnerability in Linux Kernel Affecting Multiple PHY States,"A vulnerability in the Linux kernel's SCSI MPI3MR driver allows for the potential corruption of configuration pages related to SAS IO units and expanders. This issue arises when PHYs are rapidly disabled and re-enabled, leading to inconsistent states that can disrupt normal operations. The kernel previously allowed overlapping memory requests for configuration changes, which has been remedied by separating memory allocation for each request, thus preventing data corruption and enhancing the stability of the SAS transport layer.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T12:39:50.958Z,0
CVE-2024-57800,https://securityvulnerability.io/vulnerability/CVE-2024-57800,Memory Allocation Issue in Linux Kernel Affecting ALSA Device Drivers,"A vulnerability exists in the Linux Kernel related to ALSA device drivers, where improper error handling during DMA address mapping may lead to exploitation. The issue arises when DMA-API debugging is enabled, resulting in a warning that indicates the device driver fails to check for mapping errors effectively. This could potentially allow malicious actors to exploit these errors, jeopardizing system stability and security. 
Developers are encouraged to utilize the recommended dma_mapping_error() function to handle these mappings correctly and avoid such critical warnings.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T12:39:49.702Z,0
CVE-2024-57799,https://securityvulnerability.io/vulnerability/CVE-2024-57799,Linux Kernel Vulnerability in Rockchip's Samsung HDPTX Implementation,"A vulnerability exists within the Linux kernel related to Rockchip's Samsung HDPTX implementation. Specifically, during the probe process, the function rk_hdptx_phy_runtime_resume() may be invoked before platform_set_drvdata() has been executed. This sequence can lead to a NULL pointer dereference when the return value from dev_get_drvdata() is accessed, resulting in potential system instability. Developers are advised to ensure platform_set_drvdata() is called before devm_pm_runtime_enable() to mitigate this issue effectively.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T12:39:48.936Z,0
CVE-2024-57798,https://securityvulnerability.io/vulnerability/CVE-2024-57798,Use-After-Free Vulnerability in Linux Kernel Affecting Multiple Drivers,"A vulnerability in the Linux kernel arises when handling MST (Multi-Stream Transport) requests, specifically within the drm_dp_mst_handle_up_req() function. This issue occurs due to improper management of pointers, where the mst_primary pointer may be freed in one thread while being accessed in another, leading to potential NULL dereference or use-after-free scenarios. The vulnerability has been mitigated by ensuring that a reference to mst_primary is held while it is being utilized, thereby preventing accidental dereferencing of freed memory. 
It is crucial for system administrators to update to patched versions of the kernel to safeguard against this type of vulnerability.",Linux,Linux,,,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-11T12:39:48.212Z,0
CVE-2024-57793,https://securityvulnerability.io/vulnerability/CVE-2024-57793,Memory Decryption Vulnerability in Linux Kernel Affecting CoCo VMs,"A vulnerability exists in the Linux kernel that pertains to CoCo virtual machines (VMs), where an untrusted host can trigger failures in the set_memory_decrypted() function. When this function fails, it may inadvertently leak decrypted memory by sharing it with the page allocator instead of properly handling the error. This situation can lead to both functional and security complications, underscoring the necessity for careful error management in memory operations.",Linux,Linux,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T12:39:47.347Z,0
CVE-2024-57792,https://securityvulnerability.io/vulnerability/CVE-2024-57792,Memory Access Issue in Linux Kernel's GPIO Charger Component,"A vulnerability in the Linux kernel's gpio-charger driver has been identified that may allow for incorrect memory access when setting charge current limits. Specifically, if a requested charge current limit is set below the minimum allowable threshold, it could lead to accessing memory beyond the allocated bounds. This issue, if exploited, could result in unpredictable behavior or system instability. Proper handling of charge current parameters is essential to mitigate potential risks.",Linux,Linux,,,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-11T12:39:46.397Z,0
CVE-2024-57791,https://securityvulnerability.io/vulnerability/CVE-2024-57791,Linux Kernel Vulnerability in Receive Handling of CLC Messages by Vendor,"A vulnerability has been identified in the Linux kernel related to the handling of CLC messages during network operations. 
Specifically, the length of the message received from the network may not be fully trusted, potentially leading to a scenario where the expected length exceeds the buffer size. This situation can cause the process to enter a deadloop while attempting to drain the excess data. The recent patch adds checks to the return value of sock_recvmsg, improving the robustness of the data draining process and mitigating the risk of deadloops.",Linux,Linux,,,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-11T12:35:48.905Z,0