CVE-2024-47727 |
Description: In the Linux kernel, the following vulnerability has been resolved:
x86/tdx: Fix "in-kernel MMIO" check
TDX only supports kernel-initiated MMIO operations. The handle_mmio()
function checks if the #VE exception occurred in the kernel and rejects
the operation if it did not.
However, userspace can deceive the kernel into performing MMIO on its
behalf. For example, if userspace can point a syscall to an MMIO address,
syscall does get_user() or put_user() on it, triggering MMIO #VE. The
kernel will treat the #VE as in-kernel MMIO.
Ensure that the target MMIO address is within the kernel before decoding
the instruction.
CVSS: HIGH (7.8) EPSS Score: 0.04% SSVC Exploitation: none
May 4th, 2025 (about 2 months ago)
|
CVE-2024-47698 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
Ensure index in rtl2832_pid_filter does not exceed 31 to prevent
out-of-bounds access.
dev->filters is a 32-bit value, so set_bit and clear_bit functions should
only operate on indices from 0 to 31. If index is 32, it will attempt to
access a non-existent 33rd bit, leading to out-of-bounds access.
Change the boundary check from index > 32 to index >= 32 to resolve this
issue.
[hverkuil: added fixes tag, rtl2830_pid_filter -> rtl2832_pid_filter in logmsg]
CVSS: HIGH (7.8) EPSS Score: 0.04% SSVC Exploitation: none
May 4th, 2025 (about 2 months ago)
|
CVE-2024-47697 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
Ensure index in rtl2830_pid_filter does not exceed 31 to prevent
out-of-bounds access.
dev->filters is a 32-bit value, so set_bit and clear_bit functions should
only operate on indices from 0 to 31. If index is 32, it will attempt to
access a non-existent 33rd bit, leading to out-of-bounds access.
Change the boundary check from index > 32 to index >= 32 to resolve this
issue.
CVSS: HIGH (7.8) EPSS Score: 0.04% SSVC Exploitation: none
May 4th, 2025 (about 2 months ago)
|
CVE-2024-47686 |
Description: In the Linux kernel, the following vulnerability has been resolved:
ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()
The psc->div[] array has psc->num_div elements. These values come from
when we call clk_hw_register_div(). It's adc_divisors and
ARRAY_SIZE(adc_divisors) and so on. So this condition needs to be >=
instead of > to prevent an out of bounds read.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
May 4th, 2025 (about 2 months ago)
|
CVE-2024-47675 |
Description: In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the
error_free label and frees the array of bpf_uprobe's without calling
bpf_uprobe_unregister().
This leaks bpf_uprobe->uprobe and worse, this frees bpf_uprobe->consumer
without removing it from the uprobe->consumers list.
CVSS: HIGH (7.8) EPSS Score: 0.04% SSVC Exploitation: none
May 4th, 2025 (about 2 months ago)
|
CVE-2024-47670 |
Description: In the Linux kernel, the following vulnerability has been resolved:
ocfs2: add bounds checking to ocfs2_xattr_find_entry()
Add a paranoia check to make sure it doesn't stray beyond the valid memory
region containing ocfs2 xattr entries when scanning for a match. It will
prevent out-of-bound access in case of crafted images.
CVSS: HIGH (7.8) EPSS Score: 0.03% SSVC Exploitation: none
May 4th, 2025 (about 2 months ago)
|
CVE-2024-46865 |
Description: In the Linux kernel, the following vulnerability has been resolved:
fou: fix initialization of grc
The grc must be initialized first. There can be a condition where if
fou is NULL, goto out will be executed and grc would be used
uninitialized.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
May 4th, 2025 (about 2 months ago)
|
CVE-2024-46854 |
Description: In the Linux kernel, the following vulnerability has been resolved:
net: dpaa: Pad packets to ETH_ZLEN
When sending packets under 60 bytes, up to three bytes of the buffer
following the data may be leaked. Avoid this by extending all packets to
ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be
reproduced by running
$ ping -s 11 destination
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
May 4th, 2025 (about 2 months ago)
|
CVE-2024-46759 |
Description: In the Linux kernel, the following vulnerability has been resolved:
hwmon: (adc128d818) Fix underflows seen when writing limit attributes
DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large
negative number such as -9223372036854775808 is provided by the user.
Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
CVSS: HIGH (7.8) EPSS Score: 0.04% SSVC Exploitation: none
May 4th, 2025 (about 2 months ago)
|
CVE-2024-46724 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
Check the fb_channel_number range to avoid the array out-of-bounds
read error.
CVSS: HIGH (7.1) EPSS Score: 0.03% SSVC Exploitation: none
May 4th, 2025 (about 2 months ago)
|