{"vulnerability": "CVE-2024-4383", "sightings": [{"uuid": "64659142-1a56-47c4-b40d-1da5bb445c79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43831", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "18b14370-ff2a-4ebc-8bba-977ca56827f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43837", "type": "seen", "source": "https://t.me/cvedetector/3424", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43837 - Linux BPF Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43837 \nPublished : Aug. 17, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT  \n  \nWhen loading a EXT program without specifying `attr->attach_prog_fd`,  \nthe `prog->aux->dst_prog` will be null. At this time, calling  \nresolve_prog_type() anywhere will result in a null pointer dereference.  \n  \nExample stack trace:  \n  \n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004  \n[    8.108262] Mem abort info:  \n[    8.108384]   ESR = 0x0000000096000004  \n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits  \n[    8.108722]   SET = 0, FnV = 0  \n[    8.108827]   EA = 0, S1PTW = 0  \n[    8.108939]   FSC = 0x04: level 0 translation fault  \n[    8.109102] Data abort info:  \n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000  \n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0  \n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0  \n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000  \n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000  \n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP  \n[    8.112783] Modules linked in:  \n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1  \n[    8.113230] Hardware name: linux,dummy-virt (DT)  \n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)  \n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0  \n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8  \n[    8.113798] sp : ffff80008283b9f0  \n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001  \n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000  \n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000  \n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff  \n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720  \n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720  \n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4  \n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f  \n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c  \n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000  \n[    8.114126] Call trace:  \n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0  \n[    8.114202]  bpf_check+0x3bc/0x28c0  \n[    8.114214]  bpf_prog_load+0x658/0xa58  \n[    8.114227]  __sys_bpf+0xc50/0x2250  \n[    8.114240]  __arm64_sys_bpf+0x28/0x40  \n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0  \n[    8.114273]  do_el0_svc+0x4c/0xd8  \n[    8.114289]  el0_svc+0x3c/0x140  \n[    8.114305]  el0t_64_sync_handler+0x134/0x150  \n[    8.114331]  el0t_64_sync+0x168/0x170  \n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)  \n[    8.118672] ---[ end trace 0000000000000000 ]---  \n  \nOne way to fix it is by forcing `attach_prog_fd` non-empty when  \nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`  \nAPI broken which use verifier log to probe prog type and will log  \nnothing if we reject invalid EXT prog before bpf_check().  \n  \nAnother way is by adding null check in resolve_prog_type().  \n  \nThe issue was introduced by commit 4a9c7bbe2ed4 (\"bpf: Resolve to  \nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT\") which wanted  \nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before  \nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows  \nthe logic below:  \n  \n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;  \n  \nIt implies that when EXT program is not yet attached t[...]", "creation_timestamp": "2024-08-17T13:09:19.000000Z"}, {"uuid": "71806a54-7e1e-4680-bbe0-ef2addf6df59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43839", "type": "seen", "source": "https://t.me/cvedetector/3427", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43839 - \"bna sprintf Buffer Overflow\"\", \n  \"Content\": \"CVE ID : CVE-2024-43839 \nPublished : Aug. 17, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures  \n  \nTo have enough space to write all possible sprintf() args. Currently  \n'name' size is 16, but the first '%s' specifier may already need at  \nleast 16 characters, since 'bnad->netdev->name' is used there.  \n  \nFor '%d' specifiers, assume that they require:  \n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8  \n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX  \n   is 16  \n  \nAnd replace sprintf with snprintf.  \n  \nDetected using the static analysis tool - Svace. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T13:09:22.000000Z"}, {"uuid": "cd6bf7d3-01d6-43c4-a418-c722991f9f61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4383", "type": "seen", "source": "Telegram/3SuBAgb-33Wix_ANoVU0GZutx8LPqNNFgMKha3xFulSI52rP", "content": "", "creation_timestamp": "2025-02-06T02:44:19.000000Z"}, {"uuid": "b4737cd5-23d7-4124-a3fb-dffc45b84312", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-43832", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "d0527c30-c873-4305-8a59-f5ea7737c339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-43831", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "e4ce50c1-cb1e-4478-acdf-e303d66ea009", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43834", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}]}