Bitter APT – Active IOCs
September 13, 2024Multiple Microsoft Products Vulnerabilities
September 13, 2024Bitter APT – Active IOCs
September 13, 2024Multiple Microsoft Products Vulnerabilities
September 13, 2024Severity
Medium
Analysis Summary
CVE-2024-43859 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in f2fs_file_open(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-44974 CVSS:6.6
Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when selecting endp. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-41096 CVSS:7.1
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free read flaw in msi_capability_init. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
Impact
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-43859
- CVE-2024-44974
- CVE-2024-41096
Affected Vendors
Affected Products
- Linux Kernel 6.1
- Linux Kernel 6.6
- Linux Kernel 6.10
Remediation
Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information.