{"vulnerability": "cve-2024-4386", "sightings": [{"uuid": "afbe44d1-ae2c-4b61-a59c-bb37554a3045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43861", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "fa3b4fd2-e3d0-40bc-b8cd-3717d017bb54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43867", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "a14e33e5-f55d-427d-b677-1efddca5bf71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43863", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "b63445a6-5467-4ee9-84eb-bb50f943aec2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43866", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "0e0e6e98-e053-439b-9dc9-19782c63c000", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43864", "type": "seen", "source": "https://t.me/cvedetector/3701", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43864 - IBM Mellanox Linux Kernel Panic-Risk \u7528\u6236\u6001CONTEXT\u5931\u6548\u53ef\u80fd\u6027\", \n \"Content\": \"CVE ID : CVE-2024-43864 \nPublished : Aug. 21, 2024, 12:15 a.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet/mlx5e: Fix CT entry update leaks of modify header context \n \nThe cited commit allocates a new modify header to replace the old \none when updating CT entry. But if failed to allocate a new one, eg. \nexceed the max number firmware can support, modify header will be \nan error pointer that will trigger a panic when deallocating it. And \nthe old modify header point is copied to old attr. When the old \nattr is freed, the old modify header is lost. \n \nFix it by restoring the old attr to attr when failed to allocate a \nnew modify header context. So when the CT entry is freed, the right \nmodify header context will be freed. And the panic of accessing \nerror pointer is also fixed. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T03:10:18.000000Z"}, {"uuid": "d1f144f4-0ebf-432f-b37d-9f2abb4cac53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43862", "type": "seen", "source": "https://t.me/cvedetector/3700", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43862 - FSL QMC HDSL HLC Linux Kernel Deadlock Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-43862 \nPublished : Aug. 21, 2024, 12:15 a.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex \n \nThe carrier_lock spinlock protects the carrier detection. While it is \nheld, framer_get_status() is called which in turn takes a mutex. \nThis is not correct and can lead to a deadlock. \n \nA run with PROVE_LOCKING enabled detected the issue: \n [ BUG: Invalid wait context ] \n ... \n c204ddbc (&framer->mutex){+.+.}-{3:3}, at: framer_get_status+0x40/0x78 \n other info that might help us debug this: \n context-{4:4} \n 2 locks held by ifconfig/146: \n #0: c0926a38 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x12c/0x664 \n #1: c2006a40 (&qmc_hdlc->carrier_lock){....}-{2:2}, at: qmc_hdlc_framer_set_carrier+0x30/0x98 \n \nAvoid the spinlock usage and convert carrier_lock to a mutex. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T03:10:18.000000Z"}, {"uuid": "5a00991b-6e1c-4d21-8555-df850db0966a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43866", "type": "seen", "source": "https://t.me/cvedetector/3699", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43866 - \"Melbourne Networks mlx5 NULL Pointer Access Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-43866 \nPublished : Aug. 21, 2024, 12:15 a.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet/mlx5: Always drain health in shutdown callback \n \nThere is no point in recovery during device shutdown. if health \nwork started need to wait for it to avoid races and NULL pointer \naccess. \n \nHence, drain health WQ on shutdown callback. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T03:10:14.000000Z"}, {"uuid": "8a5edaa1-eee8-45e0-93b7-d04833c828bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43869", "type": "seen", "source": "https://t.me/cvedetector/3712", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43869 - Linux Kernel Perf Event Leak Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-43869 \nPublished : Aug. 21, 2024, 1:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nperf: Fix event leak upon exec and file release \n \nThe perf pending task work is never waited upon the matching event \nrelease. In the case of a child event, released via free_event() \ndirectly, this can potentially result in a leaked event, such as in the \nfollowing scenario that doesn't even require a weak IRQ work \nimplementation to trigger: \n \nschedule() \n prepare_task_switch() \n=======> \n perf_event_overflow() \n event->pending_sigtrap = ... \n irq_work_queue(&event->pending_irq) \n \n perf_event_task_sched_out() \n event_sched_out() \n event->pending_sigtrap = 0; \n atomic_long_inc_not_zero(&event->refcount) \n task_work_add(&event->pending_task) \n finish_lock_switch() \n=======> \n perf_pending_irq() \n //do nothing, rely on pending task work \n \n \nbegin_new_exec() \n perf_event_exit_task() \n perf_event_exit_event() \n // If is child event \n free_event() \n WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1) \n // event is leaked \n \nSimilar scenarios can also happen with perf_event_remove_on_exec() or \nsimply against concurrent perf_event_release(). \n \nFix this with synchonizing against the possibly remaining pending task \nwork while freeing the event, just like is done with remaining pending \nIRQ work. This means that the pending task callback neither need nor \nshould hold a reference to the event, preventing it from ever beeing \nfreed. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T04:00:36.000000Z"}, {"uuid": "16529cc2-c37a-4920-8ea5-922723bdcb75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43863", "type": "seen", "source": "https://t.me/cvedetector/3703", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43863 - \"VMware Graphics DRM Deadlock\"\", \n \"Content\": \"CVE ID : CVE-2024-43863 \nPublished : Aug. 21, 2024, 12:15 a.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/vmwgfx: Fix a deadlock in dma buf fence polling \n \nIntroduce a version of the fence ops that on release doesn't remove \nthe fence from the pending list, and thus doesn't require a lock to \nfix poll->fence wait->fence unref deadlocks. \n \nvmwgfx overwrites the wait callback to iterate over the list of all \nfences and update their status, to do that it holds a lock to prevent \nthe list modifcations from other threads. The fence destroy callback \nboth deletes the fence and removes it from the list of pending \nfences, for which it holds a lock. \n \ndma buf polling cb unrefs a fence after it's been signaled: so the poll \ncalls the wait, which signals the fences, which are being destroyed. \nThe destruction tries to acquire the lock on the pending fences list \nwhich it can never get because it's held by the wait from which it \nwas called. \n \nOld bug, but not a lot of userspace apps were using dma-buf polling \ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T03:10:20.000000Z"}, {"uuid": "c4803275-e4ec-4cd3-af2a-6ab79768e592", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43867", "type": "seen", "source": "https://t.me/cvedetector/3697", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43867 - NVIDIA Nouveau Linux Kernel Reference Count Underflow vulnerabiltiy\", \n \"Content\": \"CVE ID : CVE-2024-43867 \nPublished : Aug. 21, 2024, 12:15 a.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/nouveau: prime: fix refcount underflow \n \nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and \nhence the backing ttm_bo) leads to a refcount underflow. \n \nInstead of calling nouveau_bo_ref() in the unwind path of \ndrm_gem_object_init(), clean things up manually. \n \n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T03:10:12.000000Z"}, {"uuid": "dc493a37-67ca-4559-ac68-a2829d162235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43868", "type": "seen", "source": "https://t.me/cvedetector/3695", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43868 - RISC-V Purgatory Unaligned Memory Access Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-43868 \nPublished : Aug. 21, 2024, 12:15 a.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nriscv/purgatory: align riscv_kernel_entry \n \nWhen alignment handling is delegated to the kernel, everything must be \nword-aligned in purgatory, since the trap handler is then set to the \nkexec one. Without the alignment, hitting the exception would \nultimately crash. On other occasions, the kernel's handler would take \ncare of exceptions. \nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating \nunaligned access exceptions and the kernel configured to handle them. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T03:10:10.000000Z"}, {"uuid": "37d722c5-24b9-43f9-b610-e2db185694d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43865", "type": "seen", "source": "https://t.me/cvedetector/3702", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43865 - IBM zSeries Linux FPU Stack-Based Buffer Overflow\", \n \"Content\": \"CVE ID : CVE-2024-43865 \nPublished : Aug. 21, 2024, 12:15 a.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ns390/fpu: Re-add exception handling in load_fpu_state() \n \nWith the recent rewrite of the fpu code exception handling for the \nlfpc instruction within load_fpu_state() was erroneously removed. \n \nAdd it again to prevent that loading invalid floating point register \nvalues cause an unhandled specification exception. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T03:10:19.000000Z"}, {"uuid": "eaa5c8be-4f68-4fd5-9852-2a1424a0a3cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43861", "type": "seen", "source": "https://t.me/cvedetector/3693", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43861 - Qualcomm Atheros QMI WAN Memory Corruption\", \n \"Content\": \"CVE ID : CVE-2024-43861 \nPublished : Aug. 20, 2024, 10:15 p.m. | 22\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: usb: qmi_wwan: fix memory leak for not ip packets \n \nFree the unused skb when not ip packets arrive. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T00:39:48.000000Z"}, {"uuid": "dee6ce0d-21f4-4274-a2dc-bb1149b9061b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-43866", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "7ac47ad3-f9b7-456b-b089-3a1ebdd4c49d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43860", "type": "seen", "source": "https://t.me/cvedetector/3415", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43860 - \"Linux kernel remoteproc imx_rproc Memory Access Violation\"\", \n \"Content\": \"CVE ID : CVE-2024-43860 \nPublished : Aug. 17, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nremoteproc: imx_rproc: Skip over memory region when node value is NULL \n \nIn imx_rproc_addr_init() \"nph = of_count_phandle_with_args()\" just counts \nnumber of phandles. But phandles may be empty. So of_parse_phandle() in \nthe parsing loop (0 Severity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T13:09:07.000000Z"}]}