CVE-2024-1395
Published 2024-05-03
CVE-2024-1395: Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing…
Priority: P4 · 33 · medium · 6.7 · CVSS 3.1
Vector: AV:L / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 0.15% (5.1th percentile)
Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
This issue affects Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | 5th_gen_gpu_architecture_kernel_driver | >= r41p0 < r48p0 | r48p0 |
| arm_ltd | arm_5th_gen_gpu_architecture_kernel_driver | r41p0 – r47p0 | — |
| cryptography.io | cryptography | >= 42.0.0 < 44.0.1 | 44.0.1 |
| github.com | traefik_traefik | 0 – 1.7.34 | — |
| github.com | traefik_traefik_v2 | >= 0 < 2.11.3 | 2.11.3 |
| github.com | traefik_traefik_v3 | >= 0 < 3.0.1 | 3.0.1 |
| android | — | — | |
| indico | indico | >= 0 < 3.3.4 | 3.3.4 |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | azure_sdk | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | microsoft_defender_for_endpoint_for_android | — | — |
| msrc | microsoft_defender_for_endpoint_for_ios | — | — |
| msrc | microsoft_sql_server_2016_for_x64-based_systems_service_pack_3 | — | — |
| msrc | microsoft_sql_server_2016_for_x64-based_systems_service_pack_3_azure_connect_fea | — | — |
| msrc | microsoft_sql_server_2017_for_x64-based_systems | — | — |
| msrc | microsoft_sql_server_2019_for_x64-based_systems | — | — |
| nokogiri | nokogiri | >= 0 < 1.18.4 | 1.18.4 |
| nokogiri | nokogiri | >= 0 < 1.18.3 | 1.18.3 |
| pimcore | pimcore | >= 11.0.0-ALPHA1 < 11.1.6.5 | 11.1.6.5 |
| pimcore | pimcore | >= 11.2.0 < 11.2.3 | 11.2.3 |
| woodruffw | pyrage | >= 1.2.0 < 1.2.3 | 1.2.3 |
CVSS provenance
- nvd · v3.1 · 6.7 MEDIUM · CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
- ghsa · 9.8 CRITICAL
- vendor_msrc · 9.1 CRITICAL
Microsoft
OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
vendor_msrc·2024-11-12·CVSS 9.1
CVE-2024-5535 [CRITICAL] CWE-1395 OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-5535
Description: We are republishing this OpenSSL CVE to document that the latest version Microsoft Defender for Endpoint has been updated to protect against this OpenSSL library vulnerability.
FAQ: How could an attacker exploit this vulnerability?
Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result
Android
CVE-2024-1395: Mali
vendor_android·2024-05-01·CVSS 6.7
CVE-2024-1395 [MEDIUM] CVE-2024-1395: Mali
Android Security Bulletin 2024-05-01
CVE: CVE-2024-1395
Severity: HIGH
Component: Mali
References: A-329506991
Microsoft
Azure SDK Spoofing Vulnerability
vendor_msrc·2024-03-12·CVSS 7.5
CVE-2024-21421 [HIGH] CWE-1395 Azure SDK Spoofing Vulnerability
FAQ: What actions do customers need to take to protect themselves from this vulnerability?
Customers with deployments created prior to Oct 19, 2023 must manually upgrade azure-core to Azure Core Build 1.29.5 or higher to be protected. For information reference the following: https://azure.github.io/azure-sdk/releases/latest/index.html. Customers with deployments created after October 19, 2023 received the fix automatically and no action is needed.
Azure SDK: Azure SDK
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Spoofing
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; DOS: N/A
Remediation: Release Notes
Reference: https://azure.github.io/azure-sdk/
Reference: https://learn.microsoft.c
GHSA
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
ghsa·2025-03-14·CVSS 7.8
CVE-2025-24855 [HIGH] CWE-1395 Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
## Summary
Nokogiri v1.18.4 upgrades its dependency libxslt to [v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43).
libxslt v1.1.43 resolves:
- CVE-2025-24855: Fix use-after-free of XPath context node
- CVE-2024-55549: Fix UAF related to excluded namespaces
## Impact
### CVE-2025-24855
- "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node"
- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855
### CVE-2024-55549
- "Use-after-free related to excluded result prefixes"
- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S
GHSA
Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
ghsa·2025-02-19·CVSS 9.8
CVE-2025-24928 [HIGH] CWE-1395 Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-vvfq-8hwr-qm4m. This link is maintained to preserve external references.
# Original Description
## Summary
Nokogiri v1.18.3 upgrades its dependency libxml2 to
[v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).
libxml2 v2.13.6 addresses:
- CVE-2025-24928
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
- CVE-2024-56171
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
## Impact
### CVE-2025-24928
Stack-buffer overflow is possible when reporting DTD validation
errors if the input contains a long (~3kb) QName prefix.
### CVE-2024-56171
GHSA
Vulnerable OpenSSL included in cryptography wheels
ghsa·2025-02-11
CVE-2024-12797 [LOW] CWE-1395 Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20250211.txt.
If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
GHSA
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
ghsa·2024-12-19
CVE-2024-56327 [HIGH] CWE-1395 pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
`pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w.
All details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details.
Versions of `pyrage` before 1.2.0 lack plugin support and are therefore **not affected**.
An equivalent issue was fixed in [the reference Go implementation of age](https://github.com/FiloSottile/age), see advisory [GHSA-32gq-x56h-299c](https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c).
Thanks to ⬡-49016 for reporting this issue.
GHSA
Indico has a Cross-Site-Scripting during account creation
ghsa·2024-09-04
CVE-2024-45399 [MEDIUM] CWE-1395 Indico has a Cross-Site-Scripting during account creation
### Impact
There is a Cross-Site-Scripting vulnerability during account creation when redirecting after the account has been successfully created.
Exploitation requires the user to initiate the account creation process with a maliciously crafted link, and then finalize the signup process. Because of this, it can only target newly created (and thus unprivileged) Indico users so the benefits of exploiting it are very limited.
### Patches
You should update to [Indico 3.3.4](https://github.com/indico/indico/releases/tag/v3.3.4) as soon as possible.
See [the docs](https://docs.getindico.io/en/stable/installation/upgrade/) for instructions on how to update.
### Workarounds
- If you build the Indico package yourself and cannot upgrad
GHSA
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
ghsa·2024-05-23·CVSS 5.9
CVE-2024-24788 [MEDIUM] CWE-1395 Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
### Impact
There is a vulnerability in [GO managing malformed DNS message](https://groups.google.com/g/golang-announce/c/wkkO4P9stm0), which impacts Traefik.
This vulnerability could be exploited to cause a denial of service.
### References
- [CVE-2024-24788](https://www.cve.org/CVERecord?id=CVE-2024-24788)
### Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.3
- https://github.com/traefik/traefik/releases/tag/v3.0.1
### Workarounds
No workaround.
### For more information
If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).
GHSA
GHSA-79fj-qcrm-4368: Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory proc
ghsa_unreviewed·2024-05-03
CVE-2024-1395 [MEDIUM] CWE-416 GHSA-79fj-qcrm-4368: Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory proc
Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
This issue affects Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.
GHSA
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
ghsa·2024-04-24·CVSS 6.1
CVE-2024-29203 [MEDIUM] CWE-1395 Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
### Impact
The TinyMCE Bundle uses tinymce version 6.7.3. CVEs for this version exist for <6.8.1:
https://nvd.nist.gov/vuln/detail/CVE-2024-29203
https://nvd.nist.gov/vuln/detail/CVE-2024-29881
### Patches
The package should be updated to at least 6.8.1 to avoid XSS vulnerability.
### Workarounds
Upgrade pimcore to release 11.2.3 or 11.1.6.5.
### References
https://nvd.nist.gov/vuln/detail/CVE-2024-29203
https://nvd.nist.gov/vuln/detail/CVE-2024-29881
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-05-03