{"vulnerability": "CVE-2024-5000", "sightings": [{"uuid": "ca646391-8a03-4575-9ae0-3452e4f0f613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50006", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "0e7da908-ce22-4224-bc86-488f61458e9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50008", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "b3a288d3-7918-47eb-9ea3-918e9ff80b1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50001", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "8cd59206-4d5c-434b-87b8-78af9886d250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-50009", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "a8d2fc50-8a8a-4a05-b5f5-2f80f235179f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50003", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "a81c63ec-277e-49ec-8439-8afb3ea7cebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50004", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1939", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50004\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35\n\n[WHY & HOW]\nMismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause\ngrey screen and system hang. Remove EnhancedPrefetchScheduleAccelerationFinal value override\nto match HW spec.\n\n(cherry picked from commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba)\n\ud83d\udccf Published: 2024-10-21T18:53:58.609Z\n\ud83d\udccf Modified: 2025-01-16T11:53:25.998Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/945dc25eda88b5d6e30c9686dc619ab981c22d0e\n2. https://git.kernel.org/stable/c/4010efc8516899981cc3b57be2d4a2d5d9e50228\n3. https://git.kernel.org/stable/c/0d5e5e8a0aa49ea2163abf128da3b509a6c58286", "creation_timestamp": "2025-01-16T12:55:29.000000Z"}, {"uuid": "4a0fa0f1-c588-4635-9afb-e937dcf34cf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50009", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2168", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50009\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: add check for cpufreq_cpu_get's return value\n\ncpufreq_cpu_get may return NULL. To avoid NULL-dereference check it\nand return in case of error.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\ud83d\udccf Published: 2024-10-21T18:54:02.180Z\n\ud83d\udccf Modified: 2025-01-17T15:56:21.546Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5f250d44b8191d612355dd97b89b37bbc1b5d2cb\n2. https://git.kernel.org/stable/c/5493f9714e4cdaf0ee7cec15899a231400cb1a9f", "creation_timestamp": "2025-01-17T16:57:10.000000Z"}, {"uuid": "d132bbdf-80a2-46fb-a674-193e9f4c3fdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50009", "type": "seen", "source": "https://t.me/cvedetector/8532", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50009 - \"AMD-pstate NULL Pointer Dereference Vulnerability in Linux Kernel\"\", \n  \"Content\": \"CVE ID : CVE-2024-50009 \nPublished : Oct. 21, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ncpufreq: amd-pstate: add check for cpufreq_cpu_get's return value  \n  \ncpufreq_cpu_get may return NULL. To avoid NULL-dereference check it  \nand return in case of error.  \n  \nFound by Linux Verification Center (linuxtesting.org) with SVACE. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T21:52:36.000000Z"}, {"uuid": "8a64f055-78c8-41a7-8e64-848bd803cf0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50008", "type": "seen", "source": "https://t.me/cvedetector/8531", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50008 - Linux Mwifiex Array Oversize Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50008 \nPublished : Oct. 21, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()  \n  \nReplace one-element array with a flexible-array member in  \n`struct host_cmd_ds_802_11_scan_ext`.  \n  \nWith this, fix the following warning:  \n  \nelo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------  \nelo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field \"ext_scan->tlv_buffer\" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1)  \nelo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T21:52:35.000000Z"}, {"uuid": "d2325358-84d9-45ee-aa3b-a41bd9387c9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50006", "type": "seen", "source": "https://t.me/cvedetector/8541", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50006 - Linux Kernel EXT4 Data Semaphores Deadlock\", \n  \"Content\": \"CVE ID : CVE-2024-50006 \nPublished : Oct. 21, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \next4: fix i_data_sem unlock order in ext4_ind_migrate()  \n  \nFuzzing reports a possible deadlock in jbd2_log_wait_commit.  \n  \nThis issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require  \nsynchronous updates because the file descriptor is opened with O_SYNC.  \nThis can lead to the jbd2_journal_stop() function calling  \njbd2_might_wait_for_commit(), potentially causing a deadlock if the  \nEXT4_IOC_MIGRATE call races with a write(2) system call.  \n  \nThis problem only arises when CONFIG_PROVE_LOCKING is enabled. In this  \ncase, the jbd2_might_wait_for_commit macro locks jbd2_handle in the  \njbd2_journal_stop function while i_data_sem is locked. This triggers  \nlockdep because the jbd2_journal_start function might also lock the same  \njbd2_handle simultaneously.  \n  \nFound by Linux Verification Center (linuxtesting.org) with syzkaller.  \n  \nRule: add \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T21:52:49.000000Z"}, {"uuid": "ffd9ca11-9234-44be-8d47-ec89441e8aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50003", "type": "seen", "source": "https://t.me/cvedetector/8540", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50003 - \"AMD Display Thunderbolt Suspend Hang\"\", \n  \"Content\": \"CVE ID : CVE-2024-50003 \nPublished : Oct. 21, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/amd/display: Fix system hang while resume with TBT monitor  \n  \n[Why]  \nConnected with a Thunderbolt monitor and do the suspend and the system  \nmay hang while resume.  \n  \nThe TBT monitor HPD will be triggered during the resume procedure  \nand call the drm_client_modeset_probe() while  \nstruct drm_connector connector->dev->master is NULL.  \n  \nIt will mess up the pipe topology after resume.  \n  \n[How]  \nSkip the TBT monitor HPD during the resume procedure because we  \ncurrently will probe the connectors after resume by default.  \n  \n(cherry picked from commit 453f86a26945207a16b8f66aaed5962dc2b95b85) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T21:52:45.000000Z"}, {"uuid": "03725a2b-7c5a-4030-96ba-1e90f4970d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50007", "type": "seen", "source": "https://t.me/cvedetector/8530", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50007 - ALSA ASIHPI Array Index Out of Bounds\", \n  \"Content\": \"CVE ID : CVE-2024-50007 \nPublished : Oct. 21, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nALSA: asihpi: Fix potential OOB array access  \n  \nASIHPI driver stores some values in the static array upon a response  \nfrom the driver, and its index depends on the firmware.  We shouldn't  \ntrust it blindly.  \n  \nThis patch adds a sanity check of the array index to fit in the array  \nsize. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T21:52:31.000000Z"}, {"uuid": "b301a020-ff82-450f-990a-b602c5acf77a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50005", "type": "seen", "source": "https://t.me/cvedetector/8529", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50005 - Linux Kernel RCU Dereference Vuln in mac802154 Scan Worker\", \n  \"Content\": \"CVE ID : CVE-2024-50005 \nPublished : Oct. 21, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nmac802154: Fix potential RCU dereference issue in mac802154_scan_worker  \n  \nIn the `mac802154_scan_worker` function, the `scan_req->type` field was  \naccessed after the RCU read-side critical section was unlocked. According  \nto RCU usage rules, this is illegal and can lead to unpredictable  \nbehavior, such as accessing memory that has been updated or causing  \nuse-after-free issues.  \n  \nThis possible bug was identified using a static analysis tool developed  \nby myself, specifically designed to detect RCU-related issues.  \n  \nTo address this, the `scan_req->type` value is now stored in a local  \nvariable `scan_req_type` while still within the RCU read-side critical  \nsection. The `scan_req_type` is then used after the RCU lock is released,  \nensuring that the type value is safely accessed without violating RCU  \nrules. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T21:52:30.000000Z"}, {"uuid": "4787805a-dbeb-40af-af85-071771ff8e65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50004", "type": "seen", "source": "https://t.me/cvedetector/8528", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50004 - AMD Display DCN35 Mismatch Bug\", \n  \"Content\": \"CVE ID : CVE-2024-50004 \nPublished : Oct. 21, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35  \n  \n[WHY & HOW]  \nMismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause  \ngrey screen and system hang. Remove EnhancedPrefetchScheduleAccelerationFinal value override  \nto match HW spec.  \n  \n(cherry picked from commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T21:52:30.000000Z"}, {"uuid": "5014c649-86d3-46bb-bbce-bd5bec86cda7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50002", "type": "seen", "source": "https://t.me/cvedetector/8508", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50002 - Linux Kernel static_call: Off-by-One Pointer Dereference Vulnerability in Modules\", \n  \"Content\": \"CVE ID : CVE-2024-50002 \nPublished : Oct. 21, 2024, 6:15 p.m. | 44\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nstatic_call: Handle module init failure correctly in static_call_del_module()  \n  \nModule insertion invokes static_call_add_module() to initialize the static  \ncalls in a module. static_call_add_module() invokes __static_call_init(),  \nwhich allocates a struct static_call_mod to either encapsulate the built-in  \nstatic call sites of the associated key into it so further modules can be  \nadded or to append the module to the module chain.  \n  \nIf that allocation fails the function returns with an error code and the  \nmodule core invokes static_call_del_module() to clean up eventually added  \nstatic_call_mod entries.  \n  \nThis works correctly, when all keys used by the module were converted over  \nto a module chain before the failure. If not then static_call_del_module()  \ncauses a #GP as it blindly assumes that key::mods points to a valid struct  \nstatic_call_mod.  \n  \nThe problem is that key::mods is not a individual struct member of struct  \nstatic_call_key, it's part of a union to save space:  \n  \n        union {  \n                /* bit 0: 0 = mods, 1 = sites */  \n                unsigned long type;  \n                struct static_call_mod *mods;  \n                struct static_call_site *sites;  \n };  \n  \nkey::sites is a pointer to the list of built-in usage sites of the static  \ncall. The type of the pointer is differentiated by bit 0. A mods pointer  \nhas the bit clear, the sites pointer has the bit set.  \n  \nAs static_call_del_module() blidly assumes that the pointer is a valid  \nstatic_call_mod type, it fails to check for this failure case and  \ndereferences the pointer to the list of built-in call sites, which is  \nobviously bogus.  \n  \nCure it by checking whether the key has a sites or a mods pointer.  \n  \nIf it's a sites pointer then the key is not to be touched. As the sites are  \nwalked in the same order as in __static_call_init() the site walk can be  \nterminated because all subsequent sites have not been touched by the init  \ncode due to the error exit.  \n  \nIf it was converted before the allocation fail, then the inner loop which  \nsearches for a module match will find nothing.  \n  \nA fail in the second allocation in __static_call_init() is harmless and  \ndoes not require special treatment. The first allocation succeeded and  \nconverted the key to a module chain. That first entry has mod::mod == NULL  \nand mod::next == NULL, so the inner loop of static_call_del_module() will  \nneither find a module match nor a module chain. The next site in the walk  \nwas either already converted, but can't match the module, or it will exit  \nthe outer loop because it has a static_call_site pointer and not a  \nstatic_call_mod pointer. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T21:01:54.000000Z"}, {"uuid": "7331c50e-381e-4211-b598-8b578d83c06c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50000", "type": "seen", "source": "https://t.me/cvedetector/8506", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50000 - \"Melanox Linux Kernel NULL Pointer Dereference\"\", \n  \"Content\": \"CVE ID : CVE-2024-50000 \nPublished : Oct. 21, 2024, 6:15 p.m. | 44\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()  \n  \nIn mlx5e_tir_builder_alloc() kvzalloc() may return NULL  \nwhich is dereferenced on the next line in a reference  \nto the modify field.  \n  \nFound by Linux Verification Center (linuxtesting.org) with SVACE. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T21:01:52.000000Z"}, {"uuid": "38fad1a7-c0e4-45f0-8ac8-748fe22424ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50007", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "099230cb-1429-4b0c-8706-d8752f45fd8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-5000", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01", "content": "", "creation_timestamp": "2026-03-17T12:00:00.000000Z"}]}