CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56739 |
Description: In the Linux kernel, the following vulnerability has been resolved:
rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
If the __rtc_read_time call fails,, the struct rtc_time tm; may contain
uninitialized data, or an illegal date/time read from the RTC hardware.
When calling rtc_tm_to_ktime later, the result may be a very large value
(possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue,
they will continually expire, may causing kernel softlockup.
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
|
CVE-2024-56738 |
Description: GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
|
CVE-2024-56737 |
Description: GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
|
CVE-2024-56730 |
Description: In the Linux kernel, the following vulnerability has been resolved:
net/9p/usbg: fix handling of the failed kzalloc() memory allocation
On the linux-next, next-20241108 vanilla kernel, the coccinelle tool gave the
following error report:
./net/9p/trans_usbg.c:912:5-11: ERROR: allocation function on line 911 returns
NULL not ERR_PTR on failure
kzalloc() failure is fixed to handle the NULL return case on the memory exhaustion.
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
|
CVE-2024-56729 |
Description: In the Linux kernel, the following vulnerability has been resolved:
smb: Initialize cfid->tcon before performing network ops
Avoid leaking a tcon ref when a lease break races with opening the
cached directory. Processing the leak break might take a reference to
the tcon in cached_dir_lease_break() and then fail to release the ref in
cached_dir_offload_close, since cfid->tcon is still NULL.
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
|
CVE-2024-56728 |
Description: In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c
Add error pointer check after calling otx2_mbox_get_rsp().
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
|
CVE-2024-56727 |
Description: In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c
Adding error pointer check after calling otx2_mbox_get_rsp().
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
|
CVE-2024-56726 |
Description: In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c
Add error pointer check after calling otx2_mbox_get_rsp().
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
|
CVE-2024-56725 |
Description: In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c
Add error pointer check after calling otx2_mbox_get_rsp().
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
|
CVE-2024-56724 |
Description: In the Linux kernel, the following vulnerability has been resolved:
mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
While design wise the idea of converting the driver to use
the hierarchy of the IRQ chips is correct, the implementation
has (inherited) flaws. This was unveiled when platform_get_irq()
had started WARN() on IRQ 0 that is supposed to be a Linux
IRQ number (also known as vIRQ).
Rework the driver to respect IRQ domain when creating each MFD
device separately, as the domain is not the same for all of them.
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|