Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2024/07/12 1:15 p.m.20 views

CVE-2024-40954

In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: attaching an fentry probe to sockrelease and the probe calling the bpfgetsocketcookie helper running traceroute -I...

7.8CVSS0.00012EPSS
Exploits0References6
UbuntuCve
UbuntuCveadded 2024/07/12 1:15 p.m.20 views

CVE-2024-40954

In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: attaching an fentry probe to sockrelease and the probe calling the bpfgetsocketcookie helper running traceroute -I...

7.8CVSS6.4AI score0.00012EPSS
Exploits0References20
CVE
CVEadded 2024/07/12 12:31 p.m.174 views

CVE-2024-40954

The CVE-2024-40954 entry concerns a Linux kernel UAF: a dangling sk pointer may be created on socket creation failure when an fentry probe hits __sock_release() and bpf_get_socket_cookie() is invoked, enabling a use-after-free in __sock_gen_cookie. Reproducing scenario described via traceroute -I...

7.8CVSS7.7AI score0.00012EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2024/07/12 12:31 p.m.24 views

CVE-2024-40954 net: do not leave a dangling sk pointer, when socket creation fails

In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: attaching an fentry probe to sockrelease and the probe calling the bpfgetsocketcookie helper running traceroute -I...

7.8CVSS6AI score0.00012EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2024/07/12 12:31 p.m.20 views

CVE-2024-40954 net: do not leave a dangling sk pointer, when socket creation fails

In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: attaching an fentry probe to sockrelease and the probe calling the bpfgetsocketcookie helper running traceroute -I...

6.5AI score0.00012EPSS
Exploits0References5
NVD
NVDadded 2024/06/19 2:15 p.m.12 views

CVE-2024-38566

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket-sk The verifier assumes that 'sk' field in 'struct socket' is valid and non-NULL when 'socket' pointer itself is trusted and non-NULL. That may not be the case when socket was just creat...

5.5CVSS0.00017EPSS
Exploits0References4
CVE
CVEadded 2024/06/19 1:35 p.m.80 views

CVE-2024-38566

CVE-2024-38566: In the Linux kernel, the bpf verifier had an incorrect assumption that socket->sk is valid when a trusted socket is used, which may not hold for sockets just created and passed to LSM socket_accept hooks. The fix relaxes the verifier assumption and updates tests. The vulnerabil...

5.5CVSS6.4AI score0.00017EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2024/06/19 1:35 p.m.19 views

CVE-2024-38566 bpf: Fix verifier assumptions about socket->sk

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket-sk The verifier assumes that 'sk' field in 'struct socket' is valid and non-NULL when 'socket' pointer itself is trusted and non-NULL. That may not be the case when socket was just creat...

0.00017EPSS
Exploits0References4
Rows per page
Query Builder