{"vulnerability": "CVE-2024-4685", "sightings": [{"uuid": "27c8986c-1571-4839-9257-d1ffc7df73a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46855", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19691", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46855\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.\n\ud83d\udccf Published: 2024-09-27T12:42:47.281Z\n\ud83d\udccf Modified: 2025-06-27T10:21:11.807Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/076d281e90aaf4192799ecb9a1ed82321e133ecd\n2. https://git.kernel.org/stable/c/6572440f78b724c46070841a68254ebc534cde24\n3. https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a\n4. https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896\n5. https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715\n6. https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11\n7. https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c", "creation_timestamp": "2025-06-27T10:49:56.000000Z"}, {"uuid": "4df5cacc-52ae-43db-856d-888b2fdb414a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46855", "type": "seen", "source": "https://t.me/cvedetector/6513", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46855 - Linux Kernel Netfilter NFT Socket Use-After-Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-46855 \nPublished : Sept. 27, 2024, 1:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnetfilter: nft_socket: fix sk refcount leaks \n \nWe must put 'sk' reference before returning. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T15:53:14.000000Z"}, {"uuid": "c0bab13c-b62e-40c6-9b4d-db28215afbd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46858", "type": "seen", "source": "https://t.me/cvedetector/6526", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46858 - Linux MPTCP Uninitialized Pointer Access Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-46858 \nPublished : Sept. 27, 2024, 1:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmptcp: pm: Fix uaf in __timer_delete_sync \n \nThere are two paths to access mptcp_pm_del_add_timer, result in a race \ncondition: \n \n CPU1 CPU2 \n ==== ==== \n net_rx_action \n napi_poll netlink_sendmsg \n __napi_poll netlink_unicast \n process_backlog netlink_unicast_kernel \n __netif_receive_skb genl_rcv \n __netif_receive_skb_one_core netlink_rcv_skb \n NF_HOOK genl_rcv_msg \n ip_local_deliver_finish genl_family_rcv_msg \n ip_protocol_deliver_rcu genl_family_rcv_msg_doit \n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit \n tcp_v4_do_rcv mptcp_nl_remove_addrs_list \n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows \n tcp_data_queue remove_anno_list_by_saddr \n mptcp_incoming_options mptcp_pm_del_add_timer \n mptcp_pm_del_add_timer kfree(entry) \n \nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical \nzone protected by \"pm.lock\", the entry will be released, which leads to the \noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1). \n \nKeeping a reference to add_timer inside the lock, and calling \nsk_stop_timer_sync() with this reference, instead of \"entry->add_timer\". \n \nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, \ndo not directly access any members of the entry outside the pm lock, which \ncan avoid similar \"entry->x\" uaf. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T15:53:34.000000Z"}, {"uuid": "1b37c67b-1aa8-424a-8a66-135c734b2463", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46854", "type": "seen", "source": "https://t.me/cvedetector/6525", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46854 - VMware vSphere Linux Kernel Buffer Leak\", \n \"Content\": \"CVE ID : CVE-2024-46854 \nPublished : Sept. 27, 2024, 1:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: dpaa: Pad packets to ETH_ZLEN \n \nWhen sending packets under 60 bytes, up to three bytes of the buffer \nfollowing the data may be leaked. Avoid this by extending all packets to \nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be \nreproduced by running \n \n $ ping -s 11 destination \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T15:53:34.000000Z"}, {"uuid": "d12d3ab1-151c-45a7-a35f-b2c67137385a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46859", "type": "seen", "source": "https://t.me/cvedetector/6516", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46859 - Panasonic Laptop Array Index Out-of-Bounds Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-46859 \nPublished : Sept. 27, 2024, 1:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses \n \nThe panasonic laptop code in various places uses the SINF array with index \nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array \nis big enough. \n \nNot all panasonic laptops have this many SINF array entries, for example \nthe Toughbook CF-18 model only has 10 SINF array entries. So it only \nsupports the AC+DC brightness entries and mute. \n \nCheck that the SINF array has a minimum size which covers all AC+DC \nbrightness entries and refuse to load if the SINF array is smaller. \n \nFor higher SINF indexes hide the sysfs attributes when the SINF array \ndoes not contain an entry for that attribute, avoiding show()/store() \naccessing the array out of bounds and add bounds checking to the probe() \nand resume() code accessing these. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T15:53:20.000000Z"}, {"uuid": "15e27733-7f5c-4316-9813-53c6903cbfdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46857", "type": "seen", "source": "https://t.me/cvedetector/6515", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46857 - Intel Mellanox mlx5 Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-46857 \nPublished : Sept. 27, 2024, 1:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet/mlx5: Fix bridge mode operations when there are no VFs \n \nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a \ncrash: \n \nbridge link set dev eth2 hwmode vepa \n \n[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 \n[...] \n[ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] \n[...] \n[ 168.976037] Call Trace: \n[ 168.976188] \n[ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core] \n[ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core] \n[ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0 \n[ 168.979714] rtnetlink_rcv_msg+0x159/0x400 \n[ 168.980451] netlink_rcv_skb+0x54/0x100 \n[ 168.980675] netlink_unicast+0x241/0x360 \n[ 168.980918] netlink_sendmsg+0x1f6/0x430 \n[ 168.981162] ____sys_sendmsg+0x3bb/0x3f0 \n[ 168.982155] ___sys_sendmsg+0x88/0xd0 \n[ 168.985036] __sys_sendmsg+0x59/0xa0 \n[ 168.985477] do_syscall_64+0x79/0x150 \n[ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e \n[ 168.987773] RIP: 0033:0x7f8f7950f917 \n \n(esw->fdb_table.legacy.vepa_fdb is null) \n \nThe bridge mode is only relevant when there are multiple functions per \nport. Therefore, prevent setting and getting this setting when there are no \nVFs. \n \nNote that after this change, there are no settings to change on the PF \ninterface using `bridge link` when there are no VFs, so the interface no \nlonger appears in the `bridge link` output. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T15:53:19.000000Z"}, {"uuid": "996fe2b5-127b-4521-8500-6ba38e251259", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46856", "type": "seen", "source": "https://t.me/cvedetector/6514", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46856 - \"DP83822/DP83825 Net Phy Null Pointer Dereference\"\", \n \"Content\": \"CVE ID : CVE-2024-46856 \nPublished : Sept. 27, 2024, 1:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: phy: dp83822: Fix NULL pointer dereference on DP83825 devices \n \nThe probe() function is only used for DP83822 and DP83826 PHY, \nleaving the private data pointer uninitialized for the DP83825 models \nwhich causes a NULL pointer dereference in the recently introduced/changed \nfunctions dp8382x_config_init() and dp83822_set_wol(). \n \nAdd the dp8382x_probe() function, so all PHY models will have a valid \nprivate data pointer to fix this issue and also prevent similar issues \nin the future. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T15:53:15.000000Z"}, {"uuid": "52aea5ce-386e-4fe2-a4f5-b4469e2113dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-46857", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "8ed22937-508c-4358-8798-beb167a55e94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46859", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "7c916057-9fc6-422f-8154-e7a2355e25f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46854", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0398/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "b5f82ea6-a903-4020-91cd-6d967d767a47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46852", "type": "published-proof-of-concept", "source": "Telegram/gWkUE9xe2dPScHlQfoXfsBGlKjsipBetnUTIxo2bm8L_bds", "content": "", "creation_timestamp": "2025-09-23T05:59:31.000000Z"}, {"uuid": "621169ec-acef-4c58-a9c3-52e6f5d49bcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46852", "type": "published-proof-of-concept", "source": "Telegram/LO8zOBx6Y2YbT8-dWq1KfYtF1NLQgEtgfrnw-Bo2ZgsdOfo", "content": "", "creation_timestamp": "2025-09-22T18:09:54.000000Z"}, {"uuid": "5f2740e8-8b9b-4aa7-b26e-ac82f4667033", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46852", "type": "published-proof-of-concept", "source": "Telegram/O-uS3G04tZg-tx6PegY9kLpCxX1ip2i-kmSdoXSya0c4dac", "content": "", "creation_timestamp": "2025-09-22T15:46:29.000000Z"}, {"uuid": "7af1687f-8f6f-443e-8de1-82925a94a6c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46852", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7670", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46852\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 (\"dma-buf: heaps:\nDon't track CMA dma-buf pages under RssFile\") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don't read off the end of the pages\narray and insert an arbitrary page in the mapping.\n\ud83d\udccf Published: 2024-09-27T12:42:45.336Z\n\ud83d\udccf Modified: 2025-03-15T03:55:23.131Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae\n2. https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95\n3. https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f\n4. https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea\n5. https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff\n6. https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87", "creation_timestamp": "2025-03-15T04:45:23.000000Z"}, {"uuid": "3ccdcd28-a131-4459-bc27-4b2d4546e89b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46857", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "f68afc11-8411-4e6b-b0e7-05cf5c51c622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4685", "type": "seen", "source": "Telegram/eQlTGbpc-K6IjLYXZlLwoSEyC-W3D8RZOHjXmRFJE2LAQPTw", "content": "", "creation_timestamp": "2025-02-19T22:21:29.000000Z"}, {"uuid": "596fe9b4-93f1-4832-a4a4-659ae7b50d8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46852", "type": "published-proof-of-concept", "source": "Telegram/0BhqX6sx4l22bH7ttwKI-E-0zPNMtLL1QU5PQtFC9AKCIXY", "content": "", "creation_timestamp": "2025-09-22T15:03:23.000000Z"}]}