?day POC 漏洞数据库

Alma Linux: CVE-2022-49043: Important: libxml2 security update (ALSA-2025-1350) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/26/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. Solution(s) alma-upgrade-libxml2 alma-upgrade-libxml2-devel alma-upgrade-python3-libxml2 References https://attackerkb.com/topics/cve-2022-49043 CVE - 2022-49043 https://errata.almalinux.org/9/ALSA-2025-1350.html

Google Chrome Vulnerability: CVE-2024-6103 Use after free in Dawn Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/19/2024 Created 06/20/2024 Added 06/19/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-6103 CVE - 2024-6103

Alma Linux: CVE-2024-38556: Moderate: kernel security update (ALSA-2024-8162) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/29/2024 Added 10/28/2024 Modified 10/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely for the sem, blocking flow now waits for index to be allocated or a sem acquisition timeout before beginning the timer for FW completion. Kerne…

OS X update for AppleMobileFileIntegrity (CVE-2025-24122) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system. Solution(s) apple-osx-upgrade-13_7_3 apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24122 CVE - 2025-24122 https://support…

Debian: CVE-2024-38548: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/17/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mhdp_state->current_mode. Solution(s…

Huawei EulerOS: CVE-2024-46826: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 01/16/2025 Added 01/15/2025 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-e…

Huawei EulerOS: CVE-2024-38541: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating…

Debian: CVE-2023-27103: libde265 -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/15/2023 Created 12/05/2023 Added 12/04/2023 Modified 01/28/2025 Description Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Solution(s) debian-upgrade-libde265 References https://attackerkb.com/topics/cve-2023-27103 CVE - 2023-27103 DLA-3676-1

Huawei EulerOS: CVE-2021-47579: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) { The reason is that the cgroup2 filesystem returns from mkdir without instantiating the new dentry. Weird filesystems such as this will be rejected by overlayfs at a later stage during setup, but to prevent such …

Huawei EulerOS: CVE-2024-38555: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command interface and trigger all completions manually. Kernel log: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. ... RIP: 0010:refcount_warn_s…

Huawei EulerOS: CVE-2023-28450: dnsmasq security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/15/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Solution(s) huawei-euleros-2_0_sp11-upgrade-dnsmasq References https://attackerkb.com/topics/cve-2023-28450 CVE - 2023-28450 EulerOS-SA-2023-2287

Amazon Linux AMI 2: CVE-2021-47593: Security patch for kernel (ALASKERNEL-5.10-2022-009) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/19/2024 Created 08/03/2024 Added 08/02/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk->sk_sock_kern being set correctly: It prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, "mptcp", 6); from working for plain tcp sockets (any userspace-exposed socket). But in case of fallback, accept() can return a plain tcp sk. In such case, sk is still tagged as 'kernel' and …

Oracle Linux: CVE-2021-47582: ELSA-2024-7000:kernel security update (IMPORTANT) (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 06/19/2024 Created 10/24/2024 Added 10/16/2024 Modified 12/10/2024 Description In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value.If timeout value is very large and the device being accessed does not respond in a reasonable amount of time, the kernel will complain about …

Amazon Linux AMI 2: CVE-2021-47609: Security patch for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 08/03/2024 Added 08/02/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically. …

Ubuntu: USN-7231-1 (CVE-2023-27789): Tcpreplay vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/16/2023 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. Solution(s) ubuntu-pro-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27789 CVE - 2023-27789 USN-7231-1

Huawei EulerOS: CVE-2024-38596: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCS…

Huawei EulerOS: CVE-2022-27672: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 03/01/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf …

Rocky Linux: CVE-2023-25155: redis-6 (RLSA-2025-0595) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/02/2023 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. Solution(s) rocky-upgrade-redis rocky-upgrade-redis-debuginfo rocky-upgrade-…

Huawei EulerOS: CVE-2024-38558: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet. OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure with the metadata like conntrack state, …

Huawei EulerOS: CVE-2021-47589: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_ioremap, there is `list_for_each_entry_safe` and `netif_napi_del` which aims to delete all entries in `dev->napi_list`. The program has added an entry `adapter->rx_ring->napi` which…

Huawei EulerOS: CVE-2024-38552: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, an er…

SUSE: CVE-2023-26769: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Solution(s) suse-upgrade-liblouis-data suse-upgrade-liblouis-devel suse-upgrade-liblouis-doc suse-upgrade-liblouis-tools suse-upgrade-liblouis14 suse-upgrade-liblouis19 suse-upgrade-liblouis20 suse-upgrade-liblouis9 suse-upgrade-python-louis suse-upgrade-python3-louis …

Oracle Linux: CVE-2024-38549: ELSA-2024-12581: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 08/20/2024 Added 08/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and veri…

Debian: CVE-2021-47595: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/19/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2) mausezahn ddd0-A 10.10.10.1 -B 10.10.10.2 -c 0 -a own -b 00:c1:a0:c1:a0:00 -t udp & 3) tc qdisc change dev ddd0 handle 10: ets bands 4 strict 2 quanta 2500 2500 priomap …

Amazon Linux AMI 2: CVE-2023-26767: Security patch for liblouis (ALAS-2023-2013) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. Solution(s) amazon-linux-ami-2-upgrade-liblouis amazon-linux-ami-2-upgrade-liblouis-debuginfo amazon-linux-ami-2-upgrade-liblouis-devel amazon-linux-ami-2-upgrade-liblouis-doc amazon-linux-ami-2-upgrade-liblouis-utils amazon-linux-ami-2-upgrade-python2-louis ama…