CVSS: -EPSS: 0%CPEs: 8EXPL: 1CVE-2024-44947 – fuse: Initialize beyond-EOF page contents before setting uptodate
https://notcve.org/view.php?id=CVE-2024-44947
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). • https://github.com/Abdurahmon3236/CVE-2024-44947 https://git.kernel.org/stable/c/a1d75f258230b75d46aecdf28b2e732413028863 https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6 https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9 https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4 https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6 https:&#x •
CVSS: 8.2EPSS: 0%CPEs: 15EXPL: 0CVE-2024-23359 – Buffer Over-read in Multi Mode Call Processor
https://notcve.org/view.php?id=CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41160 – Liteos-A has an use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-41160
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. en OpenHarmony v4.1.0 y versiones anteriores se permite que un atacante local haga que el permiso común se actualice a superusuario y se filtre información confidencial mediante use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41157 – Liteos-A has an use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-41157
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. en OpenHarmony v4.1.0 y versiones anteriores se permite que un atacante local haga que el permiso común se actualice a superusuario y se filtre información confidencial mediante use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-39775 – Net Manager has an out-of-bounds read permission bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-39775
in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read. en OpenHarmony v4.1.0 y versiones anteriores, permitir que un atacante remoto provoque fuga de información a través de lecturas fuera de los límites. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md • CWE-125: Out-of-bounds Read CWE-922: Insecure Storage of Sensitive Information •