Preface: When you got a valid non-NULL pointer to a memory address returned by malloc(), only the requested size of memory is allocated to your process and you’re allowed to use (read and / or write) into that much space only.

Background: When you launch a KVM-based guest, most often you would see QEMU doing the major user space heavy-lifting by providing a PC-like environment—it handles guest memory management, network cards, emulated storage devices, and so forth.

When using QEMU, all I/O travels through a single queue, which can affect performance.

Vulnerability details: In the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest.

Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak

Ref: A bounce buffer resides in memory low enough for a device to copy from and write data to. It is then copied to the desired user page in high memory. This additional copy is undesirable, but unavoidable. Pages are allocated in low memory which are used as buffer pages for DMA to and from the device.

This CVE only low risk vulnerability. However, but should staying alert.

Official announcement: Please refer to the vendor announcement for details – https://nvd.nist.gov/vuln/detail/CVE-2024-8612

Preface: Originally founded in 1992 as M-Tech Information Technology, acquired by Hitachi, Ltd. in 2008, and acquired by the Volaris Group in 2022, Bravura Security, Inc is a leading provider of identity, privileged access, password, and passwordless solutions. Bravura Security Fabric brings together all the benefits of SaaS plus IAM & PAM into one comprehensive solution.

Background: The API Service (idapi) enables client programs to access Bravura Security Fabric workflow and provisioning features programmatically. Client programs communicate with the service using:

SOAP (Simple Object Access Protocol) – Some organizations use the SOAP API to build their own customized front-end to Bravura Security Fabric.

Vulnerability details: An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attempts through API SOAP.

Official announcement: Please refer to the vendor announcement for details –

https://www.bravurasecurity.com/cve-2024-45523-resource-leak-in-api-after-a-failed-login-attempt

Preface: Enables Vaultwarden’s built-in HTTPS functionality (via the Rocket web framework). Rocket’s HTTPS implementation is relatively immature and has limited functionality.

Rocket is a web framework written in Rust. It supports HTTP requests, Web Sockets JSON, templating and more. Its design was inspired by Rails, Flask, Bottle, and Yesod.

Background: Vaultwarden is an unofficial Bitwarden server implementation written in Rust that is compatible with the official Bitwarden client, making it ideal for resource-intensive self-hosted deployments where you don’t want to run the official Bitwarden client.

Vaultwarden implements the Bitwarden APIs required for most functionality, including: Web interface (equivalent to https://vault.bitwarden.com/), Event Logs, Password sharing and access control..etc

Vulnerability details: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator’s browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact.

Official announcement: Please refer to the vendor announcement for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-39926

Preface: A mutex is a mutual exclusion lock. Only one thread can hold the lock. Mutexes are used to protect data or other resources from concurrent access. A mutex has attributes, which specify the characteristics of the mutex.

Background: During the boot process, the console provides a lot of important information about the initial phase of the system startup. To avoid loss of the early messages the kernel utilizes what is called a ring buffer. This buffer stores all messages, including boot messages, generated by the printk() function within the kernel code. The messages from the kernel ring buffer are then read and stored in log files on permanent storage, for example, by the syslog service. The buffer mentioned above is a cyclic data structure which has a fixed size, and is hard-coded into the kernel.

Vulnerability details: In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex order was already wrong, that is, it nesting under mmap_lock is not new with this patch.

Official announcement: Please refer to the vendor announcement for details – https://nvd.nist.gov/vuln/detail/CVE-2024-46713

Preface: In session hijacking, an attacker gets hold of a valid user session to gain unauthorized access to the account. This is typically done through three methods:

Brute force: The attacker keeps trying session IDs until they are successful.

Calculation: If the session IDs are generated in a non-random manner, the attacker can calculate them.

Theft: The attacker acquires the session ID through techniques like session sniffing, session fixation, and cross-site scripting.

Background: FortiSOAR helps IT/OT security teams thwart attacks by centralizing incident management and automating the myriad of analyst activities required for effective threat investigation and response.

Vulnerability details: An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests.

Official announcement: Please refer to the vendor announcement for details –

https://fortiguard.fortinet.com/psirt/FG-IR-24-048

Preface: Veeam ONE agent is a component that enables communication with Veeam Backup & Replication servers, performs collection of logs, and sends remediation commands. It is recommended to install Veeam ONE agent to improve data collection performance in large-scale Veeam Backup & Replication infrastructures.

Background: Veeam ONE supports two deployment scenarios:

• All-in-one

The all-in-one deployment scenario is ideal if you want to consolidate the entire product functionality in one place by installing all product architectural components on a single machine. This scenario is preferable for small- to medium-scale deployments.

• Custom

The custom deployment scenario is more suitable if you want to separate client/server roles and install product architectural components on different machines. This scena rio is recommended for large-scale deployments.

Vulnerability details:  A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

Official announcement: Please refer to the link for details – https://www.veeam.com/kb4649