{"vulnerability": "CVE-2024-4770", "sightings": [{"uuid": "4ff45177-86d2-4134-8927-f9aecb4cd6d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-47703", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "777ad639-b4f7-48ac-8e49-d0e6374f6f05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-47704", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "0eada181-1d9e-4b02-a076-db90040896d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47701", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "bdcdbe84-e371-452d-93ab-1ca399fd62dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47705", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "a2655b5f-d71b-4a07-adcf-5d37ecafa66f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47709", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "8cd153af-938c-4966-924b-8cac8936b5a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47706", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "e8869a41-a3ea-4ee7-b645-04dc4176dfac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47704", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "527892b5-d11b-4592-9f41-64b5f5aee61a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47706", "type": "seen", "source": "https://t.me/cvedetector/8475", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47706 - Linux BFQ, Uninitialized Freelist Pointer Use After Free\", \n \"Content\": \"CVE ID : CVE-2024-47706 \nPublished : Oct. 21, 2024, 12:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nblock, bfq: fix possible UAF for bfqq->bic with merge chain \n \n1) initial state, three tasks: \n \n Process 1 Process 2 Process 3 \n (BIC1) (BIC2) (BIC3) \n | \u039b | \u039b | \u039b \n | | | | | | \n V | V | V | \n bfqq1 bfqq2 bfqq3 \nprocess ref: 1 1 1 \n \n2) bfqq1 merged to bfqq2: \n \n Process 1 Process 2 Process 3 \n (BIC1) (BIC2) (BIC3) \n | | | \u039b \n \\--------------\\| | | \n V V | \n bfqq1--------->bfqq2 bfqq3 \nprocess ref: 0 2 1 \n \n3) bfqq2 merged to bfqq3: \n \n Process 1 Process 2 Process 3 \n (BIC1) (BIC2) (BIC3) \n here -> \u039b | | \n \\--------------\\ \\-------------\\| \n V V \n bfqq1--------->bfqq2---------->bfqq3 \nprocess ref: 0 1 3 \n \nIn this case, IO from Process 1 will get bfqq2 from BIC1 first, and then \nget bfqq3 through merge chain, and finially handle IO by bfqq3. \nHowerver, current code will think bfqq2 is owned by BIC1, like initial \nstate, and set bfqq2->bic to BIC1. \n \nbfq_insert_request \n-> by Process 1 \n bfqq = bfq_init_rq(rq) \n bfqq = bfq_get_bfqq_handle_split \n bfqq = bic_to_bfqq \n -> get bfqq2 from BIC1 \n bfqq->ref++ \n rq->elv.priv[0] = bic \n rq->elv.priv[1] = bfqq \n if (bfqq_process_refs(bfqq) == 1) \n bfqq->bic = bic \n -> record BIC1 to bfqq2 \n \n __bfq_insert_request \n new_bfqq = bfq_setup_cooperator \n -> get bfqq3 from bfqq2->new_bfqq \n bfqq_request_freed(bfqq) \n new_bfqq->ref++ \n rq->elv.priv[1] = new_bfqq \n -> handle IO by bfqq3 \n \nFix the problem by checking bfqq is from merge chain fist. And this \nmight fix a following problem reported by our syzkaller(unreproducible): \n \n================================================================== \nBUG: KASAN: slab-use-after-free in bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline] \nBUG: KASAN: slab-use-after-free in bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline] \nBUG: KASAN: slab-use-after-free in bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889 \nWrite of size 1 at addr ffff888123839eb8 by task kworker/0:1H/18595 \n \nCPU: 0 PID: 18595 Comm: kworker/0:1H Tainted: G L 6.6.0-07439-gba2303cacfda #6 \nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 \nWorkqueue: kblockd blk_mq_requeue_work \nCall Trace: \n \n __dump_stack lib/dump_stack.c:88 [inline] \n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106 \n print_address_description mm/kasan/report.c:364 [inline] \n print_report+0x10d/0x610 mm/kasan/report.c:475 \n kasan_report+0x8e/0xc0 mm/kasan/report.c:588 \n bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline] \n bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline] \n bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889 \n bfq_get_bfqq_handle_split+0x169/0x5d0 block/bfq-iosched.c:6757 \n bfq_init_rq block/bfq-iosched.c:6876 [inline] \n bfq_insert_request block/bfq-iosched.c:6254 [inline] \n bfq_insert_requests+0x1112/0x5cf0 block/bfq-iosched.c:6304 \n blk_mq_insert_request+0x290/0x8d0 block/blk-mq.c:2593 \n blk_mq_requeue_work+0x6bc/0xa70 block/blk-mq.c:1502 \n process_one_work kernel/workqueue.c:2627 [inline] \n process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700 \n worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781 \n kthread+0x33c/0x440 kernel/kthread.c:388 \n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 \n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305 \n \n \nAllocated by task 20776: \n kasan_save_stack+0x20/0x40 mm/kasan/common.c:45[...]", "creation_timestamp": "2024-10-21T15:10:37.000000Z"}, {"uuid": "50b4059e-02b1-49bd-8798-09021dfcb6f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47708", "type": "seen", "source": "https://t.me/cvedetector/8472", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47708 - Netkit BPF Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-47708 \nPublished : Oct. 21, 2024, 12:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnetkit: Assign missing bpf_net_context \n \nDuring the introduction of struct bpf_net_context handling for \nXDP-redirect, the netkit driver has been missed, which also requires it \nbecause NETKIT_REDIRECT invokes skb_do_redirect() which is accessing the \nper-CPU variables. Otherwise we see the following crash: \n \n BUG: kernel NULL pointer dereference, address: 0000000000000038 \n bpf_redirect() \n netkit_xmit() \n dev_hard_start_xmit() \n \nSet the bpf_net_context before invoking netkit_xmit() program within the \nnetkit driver. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T15:10:00.000000Z"}, {"uuid": "b69641f2-b11a-47ae-9823-47fa0225b578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47709", "type": "seen", "source": "https://t.me/cvedetector/8471", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47709 - Qualcomm BCM Process Support Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-47709 \nPublished : Oct. 21, 2024, 12:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ncan: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). \n \nsyzbot reported a warning in bcm_release(). [0] \n \nThe blamed change fixed another warning that is triggered when \nconnect() is issued again for a socket whose connect()ed device has \nbeen unregistered. \n \nHowever, if the socket is just close()d without the 2nd connect(), the \nremaining bo->bcm_proc_read triggers unnecessary remove_proc_entry() \nin bcm_release(). \n \nLet's clear bo->bcm_proc_read after remove_proc_entry() in bcm_notify(). \n \n[0] \nname '4986' \nWARNING: CPU: 0 PID: 5234 at fs/proc/generic.c:711 remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711 \nModules linked in: \nCPU: 0 UID: 0 PID: 5234 Comm: syz-executor606 Not tainted 6.11.0-rc5-syzkaller-00178-g5517ae241919 #0 \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 \nRIP: 0010:remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711 \nCode: ff eb 05 e8 cb 1e 5e ff 48 8b 5c 24 10 48 c7 c7 e0 f7 aa 8e e8 2a 38 8e 09 90 48 c7 c7 60 3a 1b 8c 48 89 de e8 da 42 20 ff 90 <0f0b 90 90 48 8b 44 24 18 48 c7 44 24 40 0e 36 e0 45 49 c7 04 07 \nRSP: 0018:ffffc9000345fa20 EFLAGS: 00010246 \nRAX: 2a2d0aee2eb64600 RBX: ffff888032f1f548 RCX: ffff888029431e00 \nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 \nRBP: ffffc9000345fb08 R08: ffffffff8155b2f2 R09: 1ffff1101710519a \nR10: dffffc0000000000 R11: ffffed101710519b R12: ffff888011d38640 \nR13: 0000000000000004 R14: 0000000000000000 R15: dffffc0000000000 \nFS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 \nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \nCR2: 00007fcfb52722f0 CR3: 000000000e734000 CR4: 00000000003506f0 \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 \nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 \nCall Trace: \n \n bcm_release+0x250/0x880 net/can/bcm.c:1578 \n __sock_release net/socket.c:659 [inline] \n sock_close+0xbc/0x240 net/socket.c:1421 \n __fput+0x24a/0x8a0 fs/file_table.c:422 \n task_work_run+0x24f/0x310 kernel/task_work.c:228 \n exit_task_work include/linux/task_work.h:40 [inline] \n do_exit+0xa2f/0x27f0 kernel/exit.c:882 \n do_group_exit+0x207/0x2c0 kernel/exit.c:1031 \n __do_sys_exit_group kernel/exit.c:1042 [inline] \n __se_sys_exit_group kernel/exit.c:1040 [inline] \n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040 \n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 \n do_syscall_x64 arch/x86/entry/common.c:52 [inline] \n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 \n entry_SYSCALL_64_after_hwframe+0x77/0x7f \nRIP: 0033:0x7fcfb51ee969 \nCode: Unable to access opcode bytes at 0x7fcfb51ee93f. \nRSP: 002b:00007ffce0109ca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 \nRAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfb51ee969 \nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 \nRBP: 00007fcfb526f3b0 R08: ffffffffffffffb8 R09: 0000555500000000 \nR10: 0000555500000000 R11: 0000000000000246 R12: 00007fcfb526f3b0 \nR13: 0000000000000000 R14: 00007fcfb5271ee0 R15: 00007fcfb51bf160 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T15:09:59.000000Z"}, {"uuid": "8dd46472-1c0d-4b54-bf73-2a4d7b80aa64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47707", "type": "seen", "source": "https://t.me/cvedetector/8469", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47707 - Google Compute Engine IPv6 Null Pointer Dereference\", \n \"Content\": \"CVE ID : CVE-2024-47707 \nPublished : Oct. 21, 2024, 12:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() \n \nBlamed commit accidentally removed a check for rt->rt6i_idev being NULL, \nas spotted by syzbot: \n \nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI \nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] \nCPU: 1 UID: 0 PID: 10998 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00208-g625403177711 #0 \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 \n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline] \n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914 \nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <803c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06 \nRSP: 0018:ffffc900047374e0 EFLAGS: 00010246 \nRAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000 \nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0 \nRBP: ffffc900047375d0 R08: 0000000000000003 R09: fffff520008e6e8c \nR10: dffffc0000000000 R11: fffff520008e6e8c R12: 1ffff1100fdf8f18 \nR13: ffff88807efc7998 R14: 0000000000000000 R15: ffff88807efc7930 \nFS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 \nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \nCR2: 0000000020002a80 CR3: 0000000022f62000 CR4: 00000000003506f0 \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 \nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 \nCall Trace: \n \n addrconf_ifdown+0x15d/0x1bd0 net/ipv6/addrconf.c:3856 \n addrconf_notify+0x3cb/0x1020 \n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93 \n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline] \n call_netdevice_notifiers net/core/dev.c:2046 [inline] \n unregister_netdevice_many_notify+0xd81/0x1c40 net/core/dev.c:11352 \n unregister_netdevice_many net/core/dev.c:11414 [inline] \n unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11289 \n unregister_netdevice include/linux/netdevice.h:3129 [inline] \n __tun_detach+0x6b9/0x1600 drivers/net/tun.c:685 \n tun_detach drivers/net/tun.c:701 [inline] \n tun_chr_close+0x108/0x1b0 drivers/net/tun.c:3510 \n __fput+0x24a/0x8a0 fs/file_table.c:422 \n task_work_run+0x24f/0x310 kernel/task_work.c:228 \n exit_task_work include/linux/task_work.h:40 [inline] \n do_exit+0xa2f/0x27f0 kernel/exit.c:882 \n do_group_exit+0x207/0x2c0 kernel/exit.c:1031 \n __do_sys_exit_group kernel/exit.c:1042 [inline] \n __se_sys_exit_group kernel/exit.c:1040 [inline] \n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040 \n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 \n do_syscall_x64 arch/x86/entry/common.c:52 [inline] \n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 \n entry_SYSCALL_64_after_hwframe+0x77/0x7f \nRIP: 0033:0x7f1acc77def9 \nCode: Unable to access opcode bytes at 0x7f1acc77decf. \nRSP: 002b:00007ffeb26fa738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 \nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1acc77def9 \nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 \nRBP: 00007f1acc7dd508 R08: 00007ffeb26f84d7 R09: 0000000000000003 \nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 \nR13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffeb26fa8e0 \n \nModules linked in: \n---[ end trace 0000000000000000 ]--- \n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline] \n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914 \nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 [...]", "creation_timestamp": "2024-10-21T15:09:57.000000Z"}, {"uuid": "8773c852-0fdf-41eb-ac1f-c4c0ba6a877f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47705", "type": "seen", "source": "https://t.me/cvedetector/8468", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47705 - Linux Kernel Block Invalid Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-47705 \nPublished : Oct. 21, 2024, 12:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nblock: fix potential invalid pointer dereference in blk_add_partition \n \nThe blk_add_partition() function initially used a single if-condition \n(IS_ERR(part)) to check for errors when adding a partition. This was \nmodified to handle the specific case of -ENXIO separately, allowing the \nfunction to proceed without logging the error in this case. However, \nthis change unintentionally left a path where md_autodetect_dev() \ncould be called without confirming that part is a valid pointer. \n \nThis commit separates the error handling logic by splitting the \ninitial if-condition, improving code readability and handling specific \nerror scenarios explicitly. The function now distinguishes the general \nerror case from -ENXIO without altering the existing behavior of \nmd_autodetect_dev() calls. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T15:09:53.000000Z"}]}