Most recent sightings.

Most recent sightings. https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 22 May 2026 04:48:25 +0000 78cec907-5309-489a-98ca-3af7376a8f3a https://db.gcve.eu/sighting/78cec907-5309-489a-98ca-3af7376a8f3a/export {"uuid": "78cec907-5309-489a-98ca-3af7376a8f3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50082", "type": "seen", "source": "https://t.me/cvedetector/9223", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50082 - Linux Kernel Blk-RQ-QOS Crash Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50082 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nblk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race \n \nWe're seeing crashes from rq_qos_wake_function that look like this: \n \n BUG: unable to handle page fault for address: ffffafe180a40084 \n #PF: supervisor write access in kernel mode \n #PF: error_code(0x0002) - not-present page \n PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0 \n Oops: Oops: 0002 [#1] PREEMPT SMP PTI \n CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11 \n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 \n RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40 \n Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 62 97 30 4c 31 c0 ba 01 00 00 00 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 2c 0b 00 \n RSP: 0018:ffffafe180580ca0 EFLAGS: 00010046 \n RAX: 0000000000000000 RBX: ffffafe180a3f7a8 RCX: 0000000000000011 \n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffafe180a40084 \n RBP: 0000000000000000 R08: 00000000001e7240 R09: 0000000000000011 \n R10: 0000000000000028 R11: 0000000000000888 R12: 0000000000000002 \n R13: ffffafe180a40084 R14: 0000000000000000 R15: 0000000000000003 \n FS: 0000000000000000(0000) GS:ffff9aaf1f280000(0000) knlGS:0000000000000000 \n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \n CR2: ffffafe180a40084 CR3: 000000010e428002 CR4: 0000000000770ef0 \n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 \n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 \n PKRU: 55555554 \n Call Trace: \n \n try_to_wake_up+0x5a/0x6a0 \n rq_qos_wake_function+0x71/0x80 \n __wake_up_common+0x75/0xa0 \n __wake_up+0x36/0x60 \n scale_up.part.0+0x50/0x110 \n wb_timer_fn+0x227/0x450 \n ... \n \nSo rq_qos_wake_function() calls wake_up_process(data->task), which calls \ntry_to_wake_up(), which faults in raw_spin_lock_irqsave(&p->pi_lock). \n \np comes from data->task, and data comes from the waitqueue entry, which \nis stored on the waiter's stack in rq_qos_wait(). Analyzing the core \ndump with drgn, I found that the waiter had already woken up and moved \non to a completely unrelated code path, clobbering what was previously \ndata->task. Meanwhile, the waker was passing the clobbered garbage in \ndata->task to wake_up_process(), leading to the crash. \n \nWhat's happening is that in between rq_qos_wake_function() deleting the \nwaitqueue entry and calling wake_up_process(), rq_qos_wait() is finding \nthat it already got a token and returning. The race looks like this: \n \nrq_qos_wait() rq_qos_wake_function() \n============================================================== \nprepare_to_wait_exclusive() \n data->got_token = true; \n list_del_init(&curr->entry); \nif (data.got_token) \n break; \nfinish_wait(&rqw->wait, &data.wq); \n ^- returns immediately because \n list_empty_careful(&wq_entry->entry) \n is true \n... return, go do something else ... \n wake_up_process(data->task) \n (NO LONGER VALID!)-^ \n \nNormally, finish_wait() is supposed to synchronize against the waker. \nBut, as noted above, it is returning immediately because the waitqueue \nentry has already been removed from the waitqueue. \n \nThe bug is that rq_qos_wake_function() is accessing the waitqueue entry \nAFTER deleting it. Note that autoremove_wake_function() wakes the waiter \nand THEN deletes the waitqueue entry, which is the proper order. \n \nFix it by swapping the order. We also need to use \nl[...]", "creation_timestamp": "2024-10-29T03:02:59.000000Z"} {"uuid": "78cec907-5309-489a-98ca-3af7376a8f3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50082", "type": "seen", "source": "https://t.me/cvedetector/9223", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50082 - Linux Kernel Blk-RQ-QOS Crash Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50082 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nblk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race \n \nWe're seeing crashes from rq_qos_wake_function that look like this: \n \n BUG: unable to handle page fault for address: ffffafe180a40084 \n #PF: supervisor write access in kernel mode \n #PF: error_code(0x0002) - not-present page \n PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0 \n Oops: Oops: 0002 [#1] PREEMPT SMP PTI \n CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11 \n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 \n RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40 \n Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 62 97 30 4c 31 c0 ba 01 00 00 00 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 2c 0b 00 \n RSP: 0018:ffffafe180580ca0 EFLAGS: 00010046 \n RAX: 0000000000000000 RBX: ffffafe180a3f7a8 RCX: 0000000000000011 \n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffafe180a40084 \n RBP: 0000000000000000 R08: 00000000001e7240 R09: 0000000000000011 \n R10: 0000000000000028 R11: 0000000000000888 R12: 0000000000000002 \n R13: ffffafe180a40084 R14: 0000000000000000 R15: 0000000000000003 \n FS: 0000000000000000(0000) GS:ffff9aaf1f280000(0000) knlGS:0000000000000000 \n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \n CR2: ffffafe180a40084 CR3: 000000010e428002 CR4: 0000000000770ef0 \n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 \n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 \n PKRU: 55555554 \n Call Trace: \n \n try_to_wake_up+0x5a/0x6a0 \n rq_qos_wake_function+0x71/0x80 \n __wake_up_common+0x75/0xa0 \n __wake_up+0x36/0x60 \n scale_up.part.0+0x50/0x110 \n wb_timer_fn+0x227/0x450 \n ... \n \nSo rq_qos_wake_function() calls wake_up_process(data->task), which calls \ntry_to_wake_up(), which faults in raw_spin_lock_irqsave(&p->pi_lock). \n \np comes from data->task, and data comes from the waitqueue entry, which \nis stored on the waiter's stack in rq_qos_wait(). Analyzing the core \ndump with drgn, I found that the waiter had already woken up and moved \non to a completely unrelated code path, clobbering what was previously \ndata->task. Meanwhile, the waker was passing the clobbered garbage in \ndata->task to wake_up_process(), leading to the crash. \n \nWhat's happening is that in between rq_qos_wake_function() deleting the \nwaitqueue entry and calling wake_up_process(), rq_qos_wait() is finding \nthat it already got a token and returning. The race looks like this: \n \nrq_qos_wait() rq_qos_wake_function() \n============================================================== \nprepare_to_wait_exclusive() \n data->got_token = true; \n list_del_init(&curr->entry); \nif (data.got_token) \n break; \nfinish_wait(&rqw->wait, &data.wq); \n ^- returns immediately because \n list_empty_careful(&wq_entry->entry) \n is true \n... return, go do something else ... \n wake_up_process(data->task) \n (NO LONGER VALID!)-^ \n \nNormally, finish_wait() is supposed to synchronize against the waker. \nBut, as noted above, it is returning immediately because the waitqueue \nentry has already been removed from the waitqueue. \n \nThe bug is that rq_qos_wake_function() is accessing the waitqueue entry \nAFTER deleting it. Note that autoremove_wake_function() wakes the waiter \nand THEN deletes the waitqueue entry, which is the proper order. \n \nFix it by swapping the order. We also need to use \nl[...]", "creation_timestamp": "2024-10-29T03:02:59.000000Z"} https://db.gcve.eu/sighting/78cec907-5309-489a-98ca-3af7376a8f3a/export Tue, 29 Oct 2024 03:02:59 +0000 4c0c414f-4ba2-478d-a55c-0a8d64666bef https://db.gcve.eu/sighting/4c0c414f-4ba2-478d-a55c-0a8d64666bef/export {"uuid": "4c0c414f-4ba2-478d-a55c-0a8d64666bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50082", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} {"uuid": "4c0c414f-4ba2-478d-a55c-0a8d64666bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50082", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} https://db.gcve.eu/sighting/4c0c414f-4ba2-478d-a55c-0a8d64666bef/export Thu, 14 Aug 2025 10:00:00 +0000