Aggregator

A vulnerability classified as critical was found in Linux Kernel up to 6.12.5. This vulnerability affects the function netdev_tx_reset_queue in the library lib/dynamic_queue_limits.c of the component virtio_net. The manipulation leads to use after free. This vulnerability was named CVE-2024-56674. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.3. This affects the function btrfs_encoded_read_endio. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-56582. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.4. It has been rated as critical. Affected by this issue is some unknown functionality of the component hisi_sas. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-56588. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.4. It has been declared as critical. Affected by this vulnerability is the function brightness_show. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-56587. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.119/6.6.65/6.12.4. It has been classified as problematic. Affected is the function xa_store. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-56584. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.65/6.12.4 and classified as problematic. This issue affects the function migrate_enable. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2024-56583. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.4 and classified as problematic. This vulnerability affects the function led_tg_check. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-56650. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.4. This affects the function f2fs_bug_on of the file fs/f2fs/inode.c. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-56586. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.10.230/5.15.173/6.1.119/6.6.65/6.12.4. Affected by this vulnerability is the function cond_resched. The manipulation leads to state issue. This vulnerability is known as CVE-2024-56589. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.119/6.6.65/6.12.4. Affected by this issue is the function setup_tlb_handler of the file kernel/locking/spinlock_rt.c of the component LoongArch. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-56585. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.119/6.6.65/6.12.4. Affected is the function hi3110_can_ist. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-56651. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.1. It has been rated as critical. This issue affects the function container_of. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-53183. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.1. It has been declared as critical. This vulnerability affects the function container_of of the component vector. The manipulation leads to denial of service. This vulnerability was named CVE-2024-53181. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.66/6.12.5. It has been classified as critical. This affects an unknown part of the component Bluetooth. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-56653. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.10/6.12.1 and classified as problematic. Affected by this issue is the function finit_module of the file mm/page_alloc.c of the component virtiofs. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2024-53219. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.4 and classified as problematic. Affected by this vulnerability is the function ip6_negative_advice of the component TCP Connection Handler. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2024-56644. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.4. Affected is the function cleanup_bearer of the component tipc. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-56642. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.4. This issue affects the function dccp_feat_push_confirm. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2024-56643. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.120/6.6.66/6.12.5. This vulnerability affects the function bpf_prog_run_array_uprobe. The manipulation leads to use after free. This vulnerability was named CVE-2024-56675. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

In the first of a two-part series exploring tools and frameworks which can help organizations with remediation prioritization, Sophos X-Ops takes a look at the Common Vulnerability Scoring System (CVSS)