Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 09 Jun 2026 14:38:48 +0000 db879f7c-094b-490e-8016-69f0438aab83 https://vulnerability.circl.lu/sighting/db879f7c-094b-490e-8016-69f0438aab83/export {"uuid": "db879f7c-094b-490e-8016-69f0438aab83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45006", "type": "seen", "source": "https://t.me/cvedetector/4859", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45006 - Here is a possible title for the vulnerability: \"Gigabyte xHCI NULL Pointer Dereference Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-45006 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration \n \nre-enumerating full-speed devices after a failed address device command \ncan trigger a NULL pointer dereference. \n \nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size \nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case, \nwhich ends up calling xhci_configure_endpoint(). \n \nOn Panther point xHC the xhci_configure_endpoint() function will \nadditionally check and reserve bandwidth in software. Other hosts do \nthis in hardware \n \nIf xHC address device command fails then a new xhci_virt_device structure \nis allocated as part of re-enabling the slot, but the bandwidth table \npointers are not set up properly here. \nThis triggers the NULL pointer dereference the next time usb_ep0_reinit() \nis called and xhci_configure_endpoint() tries to check and reserve \nbandwidth \n \n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd \n[46710.713699] usb 3-1: Device not responding to setup address. \n[46710.917684] usb 3-1: Device not responding to setup address. \n[46711.125536] usb 3-1: device not accepting address 5, error -71 \n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008 \n[46711.125600] #PF: supervisor read access in kernel mode \n[46711.125603] #PF: error_code(0x0000) - not-present page \n[46711.125606] PGD 0 P4D 0 \n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI \n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1 \n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd. \n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore] \n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c \n \nFix this by making sure bandwidth table pointers are set up correctly \nafter a failed address device command, and additionally by avoiding \nchecking for bandwidth in cases like this where no actual endpoints are \nadded or removed, i.e. only context for default control endpoint 0 is \nevaluated. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:25.000000Z"} {"uuid": "db879f7c-094b-490e-8016-69f0438aab83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45006", "type": "seen", "source": "https://t.me/cvedetector/4859", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45006 - Here is a possible title for the vulnerability: \"Gigabyte xHCI NULL Pointer Dereference Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-45006 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration \n \nre-enumerating full-speed devices after a failed address device command \ncan trigger a NULL pointer dereference. \n \nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size \nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case, \nwhich ends up calling xhci_configure_endpoint(). \n \nOn Panther point xHC the xhci_configure_endpoint() function will \nadditionally check and reserve bandwidth in software. Other hosts do \nthis in hardware \n \nIf xHC address device command fails then a new xhci_virt_device structure \nis allocated as part of re-enabling the slot, but the bandwidth table \npointers are not set up properly here. \nThis triggers the NULL pointer dereference the next time usb_ep0_reinit() \nis called and xhci_configure_endpoint() tries to check and reserve \nbandwidth \n \n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd \n[46710.713699] usb 3-1: Device not responding to setup address. \n[46710.917684] usb 3-1: Device not responding to setup address. \n[46711.125536] usb 3-1: device not accepting address 5, error -71 \n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008 \n[46711.125600] #PF: supervisor read access in kernel mode \n[46711.125603] #PF: error_code(0x0000) - not-present page \n[46711.125606] PGD 0 P4D 0 \n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI \n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1 \n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd. \n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore] \n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c \n \nFix this by making sure bandwidth table pointers are set up correctly \nafter a failed address device command, and additionally by avoiding \nchecking for bandwidth in cases like this where no actual endpoints are \nadded or removed, i.e. only context for default control endpoint 0 is \nevaluated. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:25.000000Z"} https://vulnerability.circl.lu/sighting/db879f7c-094b-490e-8016-69f0438aab83/export Wed, 04 Sep 2024 22:47:25 +0000 f40012a2-b7fd-4214-9a07-0ccb604e5580 https://vulnerability.circl.lu/sighting/f40012a2-b7fd-4214-9a07-0ccb604e5580/export {"uuid": "f40012a2-b7fd-4214-9a07-0ccb604e5580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45006", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} {"uuid": "f40012a2-b7fd-4214-9a07-0ccb604e5580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45006", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} https://vulnerability.circl.lu/sighting/f40012a2-b7fd-4214-9a07-0ccb604e5580/export Thu, 14 Aug 2025 10:00:00 +0000