CVE-2024-56712 |
Description: In the Linux kernel, the following vulnerability has been resolved:
udmabuf: fix memory leak on last export_udmabuf() error path
In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a
dma_buf owning the udmabuf has already been created; but the error handling
in udmabuf_create() will tear down the udmabuf without doing anything about
the containing dma_buf.
This leaves a dma_buf in memory that contains a dangling pointer; though
that doesn't seem to lead to anything bad except a memory leak.
Fix it by moving the dma_buf_fd() call out of export_udmabuf() so that we
can give it different error handling.
Note that the shape of this code changed a lot in commit 5e72b2b41a21
("udmabuf: convert udmabuf driver to use folios"); but the memory leak
seems to have existed since the introduction of udmabuf.
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
CVE-2024-56711 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference
drm_mode_duplicate() could return NULL due to lack of memory,
which will then call NULL pointer dereference. Add a check to
prevent it.
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
CVE-2024-56710 |
Description: In the Linux kernel, the following vulnerability has been resolved:
ceph: fix memory leak in ceph_direct_read_write()
The bvecs array which is allocated in iter_get_bvecs_alloc() is leaked
and pages remain pinned if ceph_alloc_sparse_ext_map() fails.
There is no need to delay the allocation of sparse_ext map until after
the bvecs array is set up, so fix this by moving sparse_ext allocation
a bit earlier. Also, make a similar adjustment in __ceph_sync_read()
for consistency (a leak of the same kind in __ceph_sync_read() has been
addressed differently).
EPSS Score: 0.04%
December 30th, 2024 (6 months ago)
|
CVE-2024-56709 |
Description: In the Linux kernel, the following vulnerability has been resolved:
io_uring: check if iowq is killed before queuing
Task work can be executed after the task has gone through io_uring
termination, whether it's the final task_work run or the fallback path.
In this case, task work will find ->io_wq being already killed and
null'ed, which is a problem if it then tries to forward the request to
io_queue_iowq(). Make io_queue_iowq() fail requests in this case.
Note that it also checks PF_KTHREAD, because the user can first close
a DEFER_TASKRUN ring and shortly after kill the task, in which case
->iowq check would race.
EPSS Score: 0.05%
December 30th, 2024 (6 months ago)
|
Description: Ddarknotevil Claims to have Leaked the Data of DUX Human Health
December 29th, 2024 (6 months ago)
|
Description: A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft.
The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal
December 29th, 2024 (6 months ago)
|
Description: Counter is Allegedly Selling Data of OneTigris
December 29th, 2024 (6 months ago)
|
Description: A Threat Actor Claims to have Leaked the Data of Gammal Tech
December 29th, 2024 (6 months ago)
|
Description: RipperSec Targeted the Website of Moto House
December 29th, 2024 (6 months ago)
|
Description: A Threat Actor Claims to have Leaked the Data of National Library of Peru on Behalf of DefacePeru
December 29th, 2024 (6 months ago)
|