{"vulnerability": "cve-2024-4678", "sightings": [{"uuid": "1544a7f6-b1e1-4462-9317-24b76c9630fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46782", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "f83ad8f1-0610-4add-b787-ce8d1686e7f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46783", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "a8fcff63-f6e9-4a62-9edd-9eda5efbb5ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46787", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "44668d9f-c805-4f3f-aab4-fb1a5e209293", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46784", "type": "seen", "source": "https://t.me/cvedetector/5946", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46784 - Intel Mana NAPI Race Condition Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-46784 \nPublished : Sept. 18, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup \n \nCurrently napi_disable() gets called during rxq and txq cleanup, \neven before napi is enabled and hrtimer is initialized. It causes \nkernel panic. \n \n? page_fault_oops+0x136/0x2b0 \n ? page_counter_cancel+0x2e/0x80 \n ? do_user_addr_fault+0x2f2/0x640 \n ? refill_obj_stock+0xc4/0x110 \n ? exc_page_fault+0x71/0x160 \n ? asm_exc_page_fault+0x27/0x30 \n ? __mmdrop+0x10/0x180 \n ? __mmdrop+0xec/0x180 \n ? hrtimer_active+0xd/0x50 \n hrtimer_try_to_cancel+0x2c/0xf0 \n hrtimer_cancel+0x15/0x30 \n napi_disable+0x65/0x90 \n mana_destroy_rxq+0x4c/0x2f0 \n mana_create_rxq.isra.0+0x56c/0x6d0 \n ? mana_uncfg_vport+0x50/0x50 \n mana_alloc_queues+0x21b/0x320 \n ? skb_dequeue+0x5f/0x80 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T10:53:24.000000Z"}, {"uuid": "4ec01b9f-f7f2-4427-8130-e577133170ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46783", "type": "seen", "source": "https://t.me/cvedetector/5945", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46783 - Linux tcp_bpf Send Message Buffer Overflow ( SEGFAULT )\", \n \"Content\": \"CVE ID : CVE-2024-46783 \nPublished : Sept. 18, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ntcp_bpf: fix return value of tcp_bpf_sendmsg() \n \nWhen we cork messages in psock->cork, the last message triggers the \nflushing will result in sending a sk_msg larger than the current \nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes \nnegative at least in the following case: \n \n468 case __SK_DROP: \n469 default: \n470 sk_msg_free_partial(sk, msg, tosend); \n471 sk_msg_apply_bytes(psock, tosend); \n472 *copied -= (tosend + delta); // <====\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T10:53:23.000000Z"}, {"uuid": "9d218992-be86-4396-b11f-645885861715", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46782", "type": "seen", "source": "https://t.me/cvedetector/5943", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46782 - Here is the title: \"IPv6 ILA Rhashtable Use-After-Free Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-46782 \nPublished : Sept. 18, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nila: call nf_unregister_net_hooks() sooner \n \nsyzbot found an use-after-free Read in ila_nf_input [1] \n \nIssue here is that ila_xlat_exit_net() frees the rhashtable, \nthen call nf_unregister_net_hooks(). \n \nIt should be done in the reverse way, with a synchronize_rcu(). \n \nThis is a good match for a pre_exit() method. \n \n[1] \n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] \n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline] \n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline] \n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 \nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16 \n \nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0 \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 \nCall Trace: \n \n __dump_stack lib/dump_stack.c:93 [inline] \n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 \n print_address_description mm/kasan/report.c:377 [inline] \n print_report+0x169/0x550 mm/kasan/report.c:488 \n kasan_report+0x143/0x180 mm/kasan/report.c:601 \n rht_key_hashfn include/linux/rhashtable.h:159 [inline] \n __rhashtable_lookup include/linux/rhashtable.h:604 [inline] \n rhashtable_lookup include/linux/rhashtable.h:646 [inline] \n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 \n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline] \n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline] \n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190 \n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] \n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 \n nf_hook include/linux/netfilter.h:269 [inline] \n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312 \n __netif_receive_skb_one_core net/core/dev.c:5661 [inline] \n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775 \n process_backlog+0x662/0x15b0 net/core/dev.c:6108 \n __napi_poll+0xcb/0x490 net/core/dev.c:6772 \n napi_poll net/core/dev.c:6841 [inline] \n net_rx_action+0x89b/0x1240 net/core/dev.c:6963 \n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 \n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928 \n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 \n kthread+0x2f0/0x390 kernel/kthread.c:389 \n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 \n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 \n \n \nThe buggy address belongs to the physical page: \npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620 \nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) \npage_type: 0xbfffffff(buddy) \nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000 \nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000 \npage dumped because: kasan: bad access detected \npage_owner tracks the page as freed \npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187 \n set_page_owner include/linux/page_owner.h:32 [inline] \n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493 \n prep_new_page mm/page_alloc.c:1501 [inline] \n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439 \n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695 \n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline] \n alloc_pages_node_noprof include/linux/gfp.h:296 [inline] \n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103 \n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130 \n __do_kmalloc_node m[...]", "creation_timestamp": "2024-09-18T10:52:47.000000Z"}, {"uuid": "0eec6dce-e1fd-4581-bd40-8187aa7e9fce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46781", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "ac5b9b41-edf7-4c59-b436-c0fcef418e46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46780", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "27d2509a-1752-4495-be4d-288178750957", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46785", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/5947", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46785 - Linux Eventfs Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-46785 \nPublished : Sept. 18, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \neventfs: Use list_del_rcu() for SRCU protected list variable \n \nChi Zhiling reported: \n \n We found a null pointer accessing in tracefs[1], the reason is that the \n variable 'ei_child' is set to LIST_POISON1, that means the list was \n removed in eventfs_remove_rec. so when access the ei_child->is_freed, the \n panic triggered. \n \n by the way, the following script can reproduce this panic \n \n loop1 (){ \n while true \n do \n echo \"p:kp submit_bio\" > /sys/kernel/debug/tracing/kprobe_events \n echo \"\" > /sys/kernel/debug/tracing/kprobe_events \n done \n } \n loop2 (){ \n while true \n do \n tree /sys/kernel/debug/tracing/events/kprobes/ \n done \n } \n loop1 & \n loop2 \n \n [1]: \n [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150 \n [ 1147.968239][T17331] Mem abort info: \n [ 1147.971739][T17331] ESR = 0x0000000096000004 \n [ 1147.976172][T17331] EC = 0x25: DABT (current EL), IL = 32 bits \n [ 1147.982171][T17331] SET = 0, FnV = 0 \n [ 1147.985906][T17331] EA = 0, S1PTW = 0 \n [ 1147.989734][T17331] FSC = 0x04: level 0 translation fault \n [ 1147.995292][T17331] Data abort info: \n [ 1147.998858][T17331] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 \n [ 1148.005023][T17331] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 \n [ 1148.010759][T17331] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 \n [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges \n [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP \n [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls] \n [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G W ------- ---- 6.6.43 #2 \n [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650 \n [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020 \n [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) \n [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398 \n [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398 \n [ 1148.115969][T17331] sp : ffff80008d56bbd0 \n [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000 \n [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100 \n [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10 \n [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000 \n [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0 \n [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 \n [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0 \n [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862 \n [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068 \n [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001 \n [ 1148.198131][T17331] Call trace: \n [ 1148.201259][T17331] eventfs_iterate+0x2c0/0x398 \n [ 1148.205864][T17331] iterate_dir+0x98/0x188 \n [ 1[...]", "creation_timestamp": "2024-09-18T10:53:25.000000Z"}, {"uuid": "36c429c9-0564-4fc5-895f-4483f3ef1677", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46786", "type": "seen", "source": "https://t.me/cvedetector/5949", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46786 - Apache Linux fscache Use-After-Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-46786 \nPublished : Sept. 18, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF \n \nThe fscache_cookie_lru_timer is initialized when the fscache module \nis inserted, but is not deleted when the fscache module is removed. \nIf timer_reduce() is called before removing the fscache module, \nthe fscache_cookie_lru_timer will be added to the timer list of \nthe current cpu. Afterwards, a use-after-free will be triggered \nin the softIRQ after removing the fscache module, as follows: \n \n================================================================== \nBUG: unable to handle page fault for address: fffffbfff803c9e9 \n PF: supervisor read access in kernel mode \n PF: error_code(0x0000) - not-present page \nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0 \nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI \nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855 \nTainted: [W]=WARN \nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0 \nCall Trace: \n \n tmigr_handle_remote_up+0x627/0x810 \n __walk_groups.isra.0+0x47/0x140 \n tmigr_handle_remote+0x1fa/0x2f0 \n handle_softirqs+0x180/0x590 \n irq_exit_rcu+0x84/0xb0 \n sysvec_apic_timer_interrupt+0x6e/0x90 \n \n \n asm_sysvec_apic_timer_interrupt+0x1a/0x20 \nRIP: 0010:default_idle+0xf/0x20 \n default_idle_call+0x38/0x60 \n do_idle+0x2b5/0x300 \n cpu_startup_entry+0x54/0x60 \n start_secondary+0x20d/0x280 \n common_startup_64+0x13e/0x148 \n \nModules linked in: [last unloaded: netfs] \n================================================================== \n \nTherefore delete fscache_cookie_lru_timer when removing the fscahe module. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T10:53:27.000000Z"}, {"uuid": "6f91f5bf-4924-4f02-9931-6dce5867f2ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46781", "type": "seen", "source": "https://t.me/cvedetector/5942", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46781 - \"Linux Kernel Nilfs2 UAF Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-46781 \nPublished : Sept. 18, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnilfs2: fix missing cleanup on rollforward recovery error \n \nIn an error injection test of a routine for mount-time recovery, KASAN \nfound a use-after-free bug. \n \nIt turned out that if data recovery was performed using partial logs \ncreated by dsync writes, but an error occurred before starting the log \nwriter to create a recovered checkpoint, the inodes whose data had been \nrecovered were left in the ns_dirty_files list of the nilfs object and \nwere not freed. \n \nFix this issue by cleaning up inodes that have read the recovery data if \nthe recovery routine fails midway before the log writer starts. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T10:52:46.000000Z"}, {"uuid": "b6479510-5074-47fc-9456-76d99e6696db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46780", "type": "seen", "source": "https://t.me/cvedetector/5941", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46780 - \"Linux Nilfs2 Sysfs Attribute Denial of Service Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-46780 \nPublished : Sept. 18, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnilfs2: protect references to superblock parameters exposed in sysfs \n \nThe superblock buffers of nilfs2 can not only be overwritten at runtime \nfor modifications/repairs, but they are also regularly swapped, replaced \nduring resizing, and even abandoned when degrading to one side due to \nbacking device issues. So, accessing them requires mutual exclusion using \nthe reader/writer semaphore \"nilfs->ns_sem\". \n \nSome sysfs attribute show methods read this superblock buffer without the \nnecessary mutual exclusion, which can cause problems with pointer \ndereferencing and memory access, so fix it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T10:52:45.000000Z"}]}