Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-58058)

ubifs: skip dumping tnc tree when zroot is null This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503392; scriptversion"1.2";...

Siemens SIMATIC Devices Out-of-bounds Read (CVE-2024-42305)

In the Linux kernel, the following vulnerability has been resolved: ext4: check dot and dotdot of dxroot before making dir indexed This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-41016)

ocfs2: strict bound check before memcmp in ocfs2xattrfindentry xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. This plugin only...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Transmission of Private Resources into a New Sphere (CVE-2024-40942)

wifi: mac80211: mesh: Fix leak of meshpreqqueue objects The hwmp code use objects of type meshpreqqueue, added to a list in ieee80211ifmesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. This...

Siemens SIMATIC Devices Unchecked Error Condition (CVE-2024-36939)

In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpcprocregister in nfsnetinit. syzkaller reported a warning 0 triggered while destroying immature netns. rpcprocregister was called in initnfsfs, but its error has been ignored since at least the initial comm...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-34027)

f2fs: compress: filesystem metadata including blkaddr in dnode, inode fields and .totalvalidblockcount may be corrupted after SPO case. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2024-39503)

netfilter: ipset: race between namespace cleanup and gc in the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads use after free. This plugin only...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-38565)

wifi: ar5523: enable proper endpoint verification Syzkaller reports 1 hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their according types intact. Sadly, this patch has not been tested on real...

Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2024-35950)

drm/client: Fully protect modes with dev-modeconfig.mutex This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503496; scriptversion"1.2";...

Siemens SIMATIC Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-26885)

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix DEVMAPHASH overflow check on 32-bit arches The devmap code allocates a number hash buckets equal to the next power of two of the maxentries value provided when creating the map. When rounding up to the next power of two,...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-47705)

In the Linux kernel, the following vulnerability has been resolved: block: fix potential invalid pointer dereference in blkaddpartition The blkaddpartition function initially used a single if-condition ISERRpart to check for errors when adding a partition. This was modified to handle the specific...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26875)

media: pvrusb2: fix uaf in pvr2contextsetnotify. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503541; scriptversion"1.2";...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Missing Initialization of a Variable (CVE-2024-53101)

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in fromkuid and fromkgid ocfs2setattr uses attr-iamode, attr-iauid and attr-iagid in a trace point even though ATTRMODE, ATTRUID and ATTRGID aren't set. Initialize all fields of newattrs to avoid...

Siemens SIMATIC Devices Use After Free (CVE-2024-35955)

kprobes: Fix possible use-after-free issue on kprobe registration This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503699; scriptversion"1.2";...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-50302)

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via...

Siemens SIMATIC Devices Improper Resource Shutdown or Release (CVE-2024-36004)

i40e: Do not use WQMEMRECLAIM flag for workqueue This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503470; scriptversion"1.2";...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-49944)

sctp: set skstate back to CLOSED if autobind fails in sctplistenstart. In sctplistenstart invoked by sctpinetlisten, it should set the skstate back to CLOSED if sctpautobind fails due to whatever reason. Otherwise, next time when calling sctpinetlisten, if sctpsksk-reuse is already set via...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-50142)

In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a xfrm:Validate address prefix lengths in the xfrm selector. syzbot created an SA with...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2021-47316)

nfsd: NULL dereference in nfs3svcencodegetaclres. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503651; scriptversion"1.3";...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-36006)

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fix incorrect list API usage This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; ...