Severity
Medium
Analysis Summary
CVE-2024-53142 CVSS:7.8
If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. The ability to create an initramfs entry would imply already having full control of the system, so the buffer overrun shouldn't be considered a security vulnerability.
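A defender can check an initramfs image for the malformed entry described above before it is ever handed to a kernel. The following is an added example, not code from this advisory or from the Linux kernel: it walks a "newc"-format cpio archive (the format used for initramfs) and reports entries whose filename does not end in a NUL byte. The function names and the sample archives are constructed for illustration.

```python
HDR_LEN = 110                      # newc header: 6-byte magic + 13 hex fields
MAGICS = (b"070701", b"070702")    # newc, and newc with checksum

def _align4(n):
    return (n + 3) & ~3

def find_unterminated_names(archive):
    """Return [(entry_offset, raw_name)] for entries whose name lacks a final NUL."""
    findings, off = [], 0
    while off + HDR_LEN <= len(archive):
        hdr = archive[off:off + HDR_LEN]
        if hdr[:6] not in MAGICS:
            raise ValueError(f"bad cpio magic at offset {off}")
        # 13 fields of 8 hex digits; index 6 is filesize, index 11 is namesize
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        start = off + HDR_LEN
        name = archive[start:start + namesize]
        if len(name) < namesize:
            raise ValueError(f"name truncated at offset {off}")
        if namesize == 0 or name[-1] != 0:
            findings.append((off, name))      # the condition this CVE is about
        elif name == b"TRAILER!!!\0":
            break                             # end-of-archive marker
        # header+name and file data are each padded to a 4-byte boundary
        off = _align4(_align4(start + namesize) + filesize)
    return findings

def make_entry(name, data=b""):
    """Build one newc entry; used only for the constructed samples below."""
    fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name), 0]
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + name
    out += b"\0" * (_align4(len(out)) - len(out)) + data
    return out + b"\0" * (_align4(len(out)) - len(out))

# Constructed samples: one well-formed archive, one with an unterminated name.
SAMPLE_OK = make_entry(b"etc/motd\0", b"hi\n") + make_entry(b"TRAILER!!!\0")
SAMPLE_BAD = (make_entry(b"etc/motd\0", b"hi\n")
              + make_entry(b"tmp/no_nul")          # namesize 10, no NUL
              + make_entry(b"TRAILER!!!\0"))

if __name__ == "__main__":
    for offset, raw in find_unterminated_names(SAMPLE_BAD):
        print(f"entry at offset {offset}: name {raw!r} is not NUL-terminated")
```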
CVE-2024-53141 CVSS:7.8
When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. The range check for ip should therefore be done later, but that check is missing, and this appears to be where the vulnerability occurs.
CVE-2024-53140 CVSS:5.5
A Linux kernel vulnerability in Netlink's iterative data dumping allowed sockets to close without completing the dump process, risking unpaired cleanup operations. The issue stemmed from using a workqueue to defer cleanup, which failed if other references to the socket existed. The solution eliminates the workqueue, ensuring cleanup occurs directly in the socket release handler, which always executes in process context. This guarantees proper termination of dumps and avoids race conditions. Additional optimizations, like removing redundant references in dumps, are planned for future kernel releases.
CVE-2024-53139 CVSS:7.8
In the Linux kernel, the following vulnerability has been resolved: "sctp: fix possible UAF in sctp_v6_available()". A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding rcu.
CVE-2024-53138 CVSS:5.5
The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. But on the release path (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.
CVE-2024-53137 CVSS:5.5
It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault.
CVE-2024-53136 CVSS:4.7
Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS.
Impact
- Gain Access
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2024-53142
- CVE-2024-53141
- CVE-2024-53140
- CVE-2024-53139
- CVE-2024-53138
- CVE-2024-53137
- CVE-2024-53136
Affected Vendors
Affected Products
- Linux Kernel 2.6.12 - 4.19.325
- Linux Kernel 4.20 - 6.6.64
- Linux Kernel 6.12 - 6.12.2
- Linux Kernel 6.7 - 6.11.11
- Linux Kernel 4.4.38 - 4.5
- Linux Kernel 4.8.14 - 4.9
- Linux Kernel 4.9 - 6.1.119
- Linux Kernel 6.2 - 6.6.63
- Linux Kernel 6.7 - 6.11.10
- Linux Kernel 6.12 Update RC1
- Linux Kernel 6.12 Update RC2
- Linux Kernel 6.12 Update RC3
- Linux Kernel 6.12 Update RC4
- Linux Kernel 6.12 Update RC5
- Linux Kernel 6.12 Update RC6
- Linux Kernel 6.12 Update RC7
Remediation
Refer to the Linux kernel website for patch, update, or suggested workaround information.