{"vulnerability": "CVE-2024-5027", "sightings": [{"uuid": "34f90bdb-c282-450e-9adb-b7a26368abaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50279", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lsjt6aau4c2r", "content": "", "creation_timestamp": "2025-06-26T19:08:14.004001Z"}, {"uuid": "3c369792-51af-4e90-8a66-ebf3fd72063b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50273", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "2a80b178-001d-490a-99a0-eb3572bbd5f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50279", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "398cdb80-0eff-43ee-81ab-55b7bdbbb1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50278", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "32ed9f2e-cf89-4867-b5e7-66a0936ccab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50273", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507183914802167", "content": "", "creation_timestamp": "2024-11-19T02:09:36.953326Z"}, {"uuid": "ebc9efce-bdb3-4b54-8b0f-4f807bac9863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50276", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507242946380779", "content": "", "creation_timestamp": "2024-11-19T02:24:37.804659Z"}, {"uuid": "b76ab6b2-b286-49d5-9773-1c91301a6d7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50277", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507242959955822", "content": "", "creation_timestamp": "2024-11-19T02:24:38.002998Z"}, {"uuid": "a9729e45-2207-45a0-a4ec-a959682eccd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50270", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507124887518938", "content": "", "creation_timestamp": "2024-11-19T01:54:36.216739Z"}, {"uuid": "9cf8f57a-2b25-4561-bbeb-6baaa44d83d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50275", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507242931849361", "content": "", "creation_timestamp": "2024-11-19T02:24:37.499510Z"}, {"uuid": "39a670a6-cbdd-495b-a31e-1e11c9cda1de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50278", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507242973411637", "content": "", "creation_timestamp": "2024-11-19T02:24:38.354481Z"}, {"uuid": "86027284-1ee1-447e-b6e9-3d55911766e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50274", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507183928619884", "content": "", "creation_timestamp": "2024-11-19T02:09:37.286923Z"}, {"uuid": "53e0234c-91e1-45a6-98b2-f817a980df08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50271", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507183887309387", "content": "", "creation_timestamp": "2024-11-19T02:09:36.598140Z"}, {"uuid": "bb63668e-104e-493e-b4e2-b6f902fb4812", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50272", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507183901368115", "content": "", "creation_timestamp": "2024-11-19T02:09:36.838929Z"}, {"uuid": "b59a14c9-3c09-4cc9-8d64-7ad51dc64fb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50278", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lwbhky6biw2y", "content": "", "creation_timestamp": "2025-08-13T09:00:04.717839Z"}, {"uuid": "47585e3c-0fa7-4a06-80bf-948401da3488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50272", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "6c2cfe33-04f0-4593-96d0-dbcba43cae54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50277", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "c2922ed3-2158-4036-abcf-2d3ea85ce2d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-5027", "type": "seen", "source": "https://t.me/theninjaway1337/1639", "content": "Citrix Workspace app Let Attackers Elevate Privileges From Local User to Root User\n\nA critical security vulnerability has been identified in the Citrix Workspace app for Mac, potentially allowing attackers to elevate their privileges from a local authenticated user to a root user.\n\nThis vulnerability tracked as CVE-2024-5027, poses a significant risk to users and organizations relying on Citrix Workspace for their virtual app and desktop access needs.\n\nThe vulnerability affects the\u00a0Citrix Workspace\u00a0app for Mac versions before 2402.10. If exploited, it allows a local authenticated user to gain root-level access to the system.\n\nThis elevation of privilege could enable the attacker to execute arbitrary commands with the highest level of system privileges, potentially leading to severe security breaches, data loss, or system compromise.\n\nhttps://cybersecuritynews.com/citrix-workspace-app-vulnerability/", "creation_timestamp": "2024-06-01T22:07:36.000000Z"}, {"uuid": "4649f0ed-04a5-44bd-ad08-8f763e331116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50279", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113507301969515427", "content": "", "creation_timestamp": "2024-11-19T02:39:38.388747Z"}, {"uuid": "2d32f58c-4498-49de-8d5a-5274cba0cf6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-50271", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "337b5c63-d541-401e-bfe8-11336b321b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50279", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/11430", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50279 - Linux dm-cache Out-of-Bounds Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50279 \nPublished : Nov. 19, 2024, 2:16 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndm cache: fix out-of-bounds access to the dirty bitset when resizing  \n  \ndm-cache checks the dirty bits of the cache blocks to be dropped when  \nshrinking the fast device, but an index bug in bitset iteration causes  \nout-of-bounds access.  \n  \nReproduce steps:  \n  \n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)  \n  \ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"  \ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"  \ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"  \ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct  \ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\  \n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"  \n  \n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds  \n   access to the dirty bitset (offset 0x80)  \n  \ndmsetup suspend cache  \ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"  \ndmsetup resume cdata  \ndmsetup resume cache  \n  \nKASAN reports:  \n  \n  BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0  \n  Read of size 8 at addr ffffc900000f3080 by task dmsetup/131  \n  \n  (...snip...)  \n  The buggy address belongs to the virtual mapping at  \n   [ffffc900000f3000, ffffc900000f5000) created by:  \n   cache_ctr+0x176a/0x35f0  \n  \n  (...snip...)  \n  Memory state around the buggy address:  \n   ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8  \n   ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  \n  >ffffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8  \n                     ^  \n   ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8  \n   ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8  \n  \nFix by making the index post-incremented. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T04:16:11.000000Z"}, {"uuid": "62dbab47-9ca4-438f-aa5f-e58d7618fba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50278", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/11428", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50278 - \"linux kernel dm cache out-of-bounds access\"\", \n  \"Content\": \"CVE ID : CVE-2024-50278 \nPublished : Nov. 19, 2024, 2:16 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndm cache: fix potential out-of-bounds access on the first resume  \n  \nOut-of-bounds access occurs if the fast device is expanded unexpectedly  \nbefore the first-time resume of the cache table. This happens because  \nexpanding the fast device requires reloading the cache table for  \ncache_create to allocate new in-core data structures that fit the new  \nsize, and the check in cache_preresume is not performed during the  \nfirst resume, leading to the issue.  \n  \nReproduce steps:  \n  \n1. prepare component devices:  \n  \ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"  \ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"  \ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"  \ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct  \n  \n2. load a cache table of 512 cache blocks, and deliberately expand the  \n   fast device before resuming the cache, making the in-core data  \n   structures inadequate.  \n  \ndmsetup create cache --notable  \ndmsetup reload cache --table \"0 524288 cache /dev/mapper/cmeta \\  \n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"  \ndmsetup reload cdata --table \"0 131072 linear /dev/sdc 8192\"  \ndmsetup resume cdata  \ndmsetup resume cache  \n  \n3. suspend the cache to write out the in-core dirty bitset and hint  \n   array, leading to out-of-bounds access to the dirty bitset at offset  \n   0x40:  \n  \ndmsetup suspend cache  \n  \nKASAN reports:  \n  \n  BUG: KASAN: vmalloc-out-of-bounds in is_dirty_callback+0x2b/0x80  \n  Read of size 8 at addr ffffc90000085040 by task dmsetup/90  \n  \n  (...snip...)  \n  The buggy address belongs to the virtual mapping at  \n   [ffffc90000085000, ffffc90000087000) created by:  \n   cache_ctr+0x176a/0x35f0  \n  \n  (...snip...)  \n  Memory state around the buggy address:  \n   ffffc90000084f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8  \n   ffffc90000084f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8  \n  >ffffc90000085000: 00 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8  \n                                             ^  \n   ffffc90000085080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8  \n   ffffc90000085100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8  \n  \nFix by checking the size change on the first resume. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T04:16:10.000000Z"}]}