CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-50086 |
Description:
Nessus Plugin ID 230493 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add session_lock when setting SMB2_SESSION_EXPIRED and referece count to session struct not to free session while it is being used. (CVE-2024-50086)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230493
CVSS: LOW (0.0)
March 6th, 2025 (4 months ago)
|
|
CVE-2024-8636 |
Description:
Nessus Plugin ID 230494 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-8636)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230494
March 6th, 2025 (4 months ago)
|
|
CVE-2024-49899 |
Description:
Nessus Plugin ID 230495 with Medium Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominators' default to 1 [WHAT & HOW] Variables used as denominators and maybe not assigned to other values, should not be 0. Change their default to 1 so they are never 0. This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity. (CVE-2024-49899)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230495
CVSS: LOW (0.0)
March 6th, 2025 (4 months ago)
|
|
CVE-2024-50262 |
Description:
Nessus Plugin ID 230496 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves. For example, consider a trie with max_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ... 0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with .prefixlen = 8 make 9 nodes be written on the node stack with size 8. (CVE-2024-50262)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230496
CVSS: LOW (0.0)
March 6th, 2025 (4 months ago)
|
|
CVE-2024-57988 |
Description:
Nessus Plugin ID 230497 with Medium Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but this returned value in btbcm_get_board_name() is not checked. Add NULL check in btbcm_get_board_name(), to handle kernel NULL pointer dereference error. (CVE-2024-57988)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230497
EPSS Score: 0.02%
March 6th, 2025 (4 months ago)
|
|
CVE-2024-53072 |
Description:
Nessus Plugin ID 230498 with Medium Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amd_pmc module as: amd_pmc enable_stb=1 ...can result in the following messages in the kernel ring buffer: amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on RAM at 0x0000000000000000 - 0x0000000000ffffff WARNING: CPU: 10 PID: 2151 at arch/x86/mm/ioremap.c:217 __ioremap_caller+0x2cd/0x340 Further debugging reveals that this occurs when the requests for S2D_PHYS_ADDR_LOW and S2D_PHYS_ADDR_HIGH return a value of 0, indicating that the STB is inaccessible. To prevent the ioremap warning and provide clarity to the user, handle the invalid address and display an error message. (CVE-2024-53072)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230498
CVSS: MEDIUM (5.5) EPSS Score: 0.03%
March 6th, 2025 (4 months ago)
|
|
CVE-2024-49972 |
Description:
Nessus Plugin ID 230499 with Medium Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails [Why] When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL. [How] Deallocate memory if DML memory allocation fails. (CVE-2024-49972)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230499
EPSS Score: 0.03%
March 6th, 2025 (4 months ago)
|
|
CVE-2024-53689 |
Description:
Nessus Plugin ID 230500 with Critical Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock while freezing queue and acquiring sysfs_lock For storing a value to a queue attribute, the queue_attr_store function first freezes the queue (->q_usage_counter(io)) and then acquire ->sysfs_lock. This seems not correct as the usual ordering should be to acquire ->sysfs_lock before freezing the queue. This incorrect ordering causes the following lockdep splat which we are able to reproduce always simply by accessing /sys/kernel/debug file using ls command: [ 57.597146] WARNING: possible circular locking dependency detected [ 57.597154] 6.12.0-10553-gb86545e02e8c #20 Tainted: G W [ 57.597162] ------------------------------------------------------ [ 57.597168] ls/4605 is trying to acquire lock: [ 57.597176] c00000003eb56710 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0x58/0xc0 [ 57.597200] but task is already holding lock: [ 57.597207] c0000018e27c6810 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: iterate_dir+0x94/0x1d4 [ 57.597226] which lock already depends on the new lock. [ 57.597...
March 6th, 2025 (4 months ago)
|
|
CVE-2024-56598 |
Description:
Nessus Plugin ID 230501 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case. (CVE-2024-56598)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230501
March 6th, 2025 (4 months ago)
|
|
CVE-2024-56569 |
Description:
Nessus Plugin ID 230502 with Medium Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo write*:mod:ext3 > /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. While commit 0f17976568b3f (ftrace: Fix regression with module command in stack_trace_filter) has addressed part of the issue, it left a corner case unhandled, which still results in a kernel crash. (CVE-2024-56569)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230502
March 6th, 2025 (4 months ago)
|