[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-47736":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":39,"aliases":40,"duplicate_of":9,"upstream":41,"downstream":42,"duplicates":75,"related":76,"reserved_at":9,"published_at":83,"modified_at":84,"state":85,"summary":86,"references_raw":95,"kevs":118,"epss":119,"epss_history":122,"metrics":359,"affected":365},"CVE-2024-47736","In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: handle overlapped pclusters out of crafted images properly\n\nsyzbot reported a task hang issue due to a deadlock case where it is\nwaiting for the folio lock of a cached folio that will be used for\ncache I/Os.\n\nAfter looking into the crafted fuzzed image, I found it's formed with\nseveral overlapped big pclusters as below:\n\n Ext:   logical offset   |  length :     physical offset    |  length\n   0:        0..   16384 |   16384 :     151552..    167936 |   16384\n   1:    16384..   32768 |   16384 :     155648..    172032 |   16384\n   2:    32768..   49152 |   16384 :  537223168.. 537239552 |   16384\n...\n\nHere, extent 0/1 are physically overlapped although it's entirely\n_impossible_ for normal filesystem images generated by mkfs.\n\nFirst, managed folios containing compressed data will be marked as\nup-to-date and then unlocked immediately (unlike in-place folios) when\ncompressed I/Os are complete.  If physical blocks are not submitted in\nthe incremental order, there should be separate BIOs to avoid dependency\nissues.  However, the current code mis-arranges z_erofs_fill_bio_vec()\nand BIO submission which causes unexpected BIO waits.\n\nSecond, managed folios will be connected to their own pclusters for\nefficient inter-queries.  However, this is somewhat hard to implement\neasily if overlapped big pclusters exist.  Again, these only appear in\nfuzzed images so let's simply fall back to temporary short-lived pages\nfor correctness.\n\nAdditionally, it justifies that referenced managed folios cannot be\ntruncated for now and reverts part of commit 2080ca1ed3e4 (\"erofs: tidy\nup `struct z_erofs_bvec`\") for simplicity although it shouldn't be any\ndifference.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-667","Improper Locking","The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.","weakness","Draft","Class",[19,31,35],{"id":20,"name":21,"techniques":22},"CAPEC-25","Forced Deadlock",[23],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1499.004","Application or System Exploitation",[27],{"id":28,"name":29},"TA0105","Impact",[],{"id":32,"name":33,"techniques":34},"CAPEC-26","Leveraging Race Conditions",[],{"id":36,"name":37,"techniques":38},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],[],[],[],[43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73],{"_key":44},"OPENSUSE-SU-2024:14500-1",{"_key":46},"OPENSUSE-SU-2025:14705-1",{"_key":48},"DEBIAN-CVE-2024-47736",{"_key":50},"UBUNTU-CVE-2024-47736",{"_key":52},"USN-7310-1",{"_key":54},"USN-7513-1",{"_key":56},"USN-7513-2",{"_key":58},"USN-7513-3",{"_key":60},"USN-7513-4",{"_key":62},"USN-7513-5",{"_key":64},"USN-7514-1",{"_key":66},"USN-7515-1",{"_key":68},"USN-7515-2",{"_key":70},"USN-7522-1",{"_key":72},"USN-7523-1",{"_key":74},"USN-7524-1",[],[77,79,81,82],{"_key":78},"USN-7276-1",{"_key":80},"USN-7277-1",{"_key":44},{"_key":46},"2024-10-21T12:14:06.530Z","2026-05-11T20:39:45.456Z","Modified",{"cisa_kev":87,"cisa_ransomware":87,"cisa_vendor":9,"epss_severity":88,"epss_score":89,"severity":90,"severity_score":91,"severity_version":92,"severity_source":93,"severity_vector":94,"severity_status":85},false,"low",0.00008,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[96,101,106,110,114],{"url":97,"sources":98,"tags":100},"https://git.kernel.org/stable/c/1bf7e414cac303c9aec1be67872e19be8b64980c",[99,93],"cve.org",[],{"url":102,"sources":103,"tags":104},"https://git.kernel.org/stable/c/b9b30af0e86ffb485301ecd83b9129c9dfb7ebf8",[99,93],[105],"Patch",{"url":107,"sources":108,"tags":109},"https://git.kernel.org/stable/c/9cfa199bcbbbba31cbf97b2786f44f4464f3f29a",[99,93],[105],{"url":111,"sources":112,"tags":113},"https://git.kernel.org/stable/c/9e2f9d34dd12e6e5b244ec488bcebd0c2d566c50",[99,93],[105],{"url":115,"sources":116,"tags":117},"https://git.kernel.org/stable/c/c1172e65aad4b115392ea4c6e61e56e5b9b69df4",[99,93],[],[],{"date":120,"score":89,"percentile":121},"2026-06-03",0.00698,[123,127,130,134,137,140,143,146,149,152,155,157,160,163,166,170,173,176,179,182,185,188,191,194,196,199,203,206,209,212,215,218,222,225,227,230,233,235,238,241,243,246,249,251,253,255,258,260,263,265,268,271,273,275,277,279,281,284,286,288,290,292,295,297,300,302,304,306,308,310,313,315,317,319,321,323,325,327,329,331,333,335,337,339,341,344,347,350,353,356],{"date":124,"score":125,"percentile":126},"2025-11-04",0.00037,0.10386,{"date":128,"score":125,"percentile":129},"2025-11-05",0.10415,{"date":131,"score":132,"percentile":133},"2025-11-06",0.00045,0.13581,{"date":135,"score":132,"percentile":136},"2025-11-07",0.13591,{"date":138,"score":132,"percentile":139},"2025-11-08",0.13596,{"date":141,"score":132,"percentile":142},"2025-11-09",0.13566,{"date":144,"score":132,"percentile":145},"2025-11-10",0.13533,{"date":147,"score":132,"percentile":148},"2025-11-11",0.13551,{"date":150,"score":132,"percentile":151},"2025-11-12",0.13539,{"date":153,"score":132,"percentile":154},"2025-11-13",0.13564,{"date":156,"score":132,"percentile":136},"2025-11-14",{"date":158,"score":132,"percentile":159},"2025-11-15",0.13571,{"date":161,"score":132,"percentile":162},"2025-11-16",0.13569,{"date":164,"score":132,"percentile":165},"2025-11-17",0.13543,{"date":167,"score":168,"percentile":169},"2025-11-18",0.0007,0.1754,{"date":171,"score":168,"percentile":172},"2025-11-19",0.1756,{"date":174,"score":168,"percentile":175},"2025-11-20",0.17535,{"date":177,"score":132,"percentile":178},"2025-11-21",0.13565,{"date":180,"score":132,"percentile":181},"2025-11-22",0.13555,{"date":183,"score":132,"percentile":184},"2025-11-23",0.13536,{"date":186,"score":132,"percentile":187},"2025-11-24",0.13496,{"date":189,"score":132,"percentile":190},"2025-11-25",0.13498,{"date":192,"score":132,"percentile":193},"2025-11-26",0.13493,{"date":195,"score":132,"percentile":193},"2025-11-27",{"date":197,"score":132,"percentile":198},"2025-11-28",0.13472,{"date":200,"score":201,"percentile":202},"2025-11-29",0.00009,0.0057,{"date":204,"score":201,"percentile":205},"2025-11-30",0.00572,{"date":207,"score":201,"percentile":208},"2025-12-01",0.00573,{"date":210,"score":201,"percentile":211},"2025-12-02",0.00571,{"date":213,"score":89,"percentile":214},"2025-12-03",0.00469,{"date":216,"score":89,"percentile":217},"2025-12-04",0.00474,{"date":219,"score":220,"percentile":221},"2025-12-05",0.00007,0.00439,{"date":223,"score":220,"percentile":224},"2025-12-06",0.00438,{"date":226,"score":220,"percentile":221},"2025-12-07",{"date":228,"score":220,"percentile":229},"2025-12-08",0.00444,{"date":231,"score":220,"percentile":232},"2025-12-09",0.00457,{"date":234,"score":220,"percentile":232},"2025-12-10",{"date":236,"score":220,"percentile":237},"2025-12-11",0.00459,{"date":239,"score":220,"percentile":240},"2025-12-12",0.00464,{"date":242,"score":220,"percentile":240},"2025-12-13",{"date":244,"score":220,"percentile":245},"2025-12-14",0.00462,{"date":247,"score":220,"percentile":248},"2025-12-15",0.0046,{"date":250,"score":220,"percentile":248},"2025-12-16",{"date":252,"score":220,"percentile":237},"2025-12-17",{"date":254,"score":220,"percentile":232},"2025-12-18",{"date":256,"score":220,"percentile":257},"2025-12-19",0.00455,{"date":259,"score":220,"percentile":257},"2025-12-20",{"date":261,"score":220,"percentile":262},"2025-12-21",0.00454,{"date":264,"score":220,"percentile":237},"2025-12-22",{"date":266,"score":220,"percentile":267},"2025-12-23",0.00461,{"date":269,"score":220,"percentile":270},"2025-12-24",0.00463,{"date":272,"score":220,"percentile":270},"2025-12-25",{"date":274,"score":220,"percentile":270},"2025-12-26",{"date":276,"score":220,"percentile":232},"2025-12-27",{"date":278,"score":220,"percentile":245},"2025-12-28",{"date":280,"score":220,"percentile":245},"2025-12-29",{"date":282,"score":220,"percentile":283},"2025-12-30",0.00458,{"date":285,"score":220,"percentile":283},"2025-12-31",{"date":287,"score":220,"percentile":283},"2026-01-01",{"date":289,"score":220,"percentile":248},"2026-01-02",{"date":291,"score":220,"percentile":245},"2026-01-03",{"date":293,"score":220,"percentile":294},"2026-01-04",0.00453,{"date":296,"score":220,"percentile":262},"2026-01-05",{"date":298,"score":220,"percentile":299},"2026-01-06",0.00452,{"date":301,"score":220,"percentile":294},"2026-01-07",{"date":303,"score":220,"percentile":257},"2026-01-08",{"date":305,"score":220,"percentile":267},"2026-01-09",{"date":307,"score":220,"percentile":245},"2026-01-10",{"date":309,"score":220,"percentile":283},"2026-01-11",{"date":311,"score":220,"percentile":312},"2026-01-12",0.00456,{"date":314,"score":220,"percentile":262},"2026-01-13",{"date":316,"score":220,"percentile":232},"2026-01-14",{"date":318,"score":220,"percentile":232},"2026-01-15",{"date":320,"score":220,"percentile":232},"2026-01-16",{"date":322,"score":220,"percentile":232},"2026-01-17",{"date":324,"score":220,"percentile":237},"2026-01-18",{"date":326,"score":220,"percentile":312},"2026-01-19",{"date":328,"score":220,"percentile":257},"2026-01-20",{"date":330,"score":220,"percentile":294},"2026-01-21",{"date":332,"score":220,"percentile":262},"2026-01-22",{"date":334,"score":220,"percentile":232},"2026-01-23",{"date":336,"score":220,"percentile":237},"2026-01-24",{"date":338,"score":220,"percentile":267},"2026-01-25",{"date":340,"score":220,"percentile":240},"2026-01-26",{"date":342,"score":220,"percentile":343},"2026-01-27",0.00468,{"date":345,"score":220,"percentile":346},"2026-01-28",0.00471,{"date":348,"score":220,"percentile":349},"2026-01-29",0.00473,{"date":351,"score":220,"percentile":352},"2026-01-30",0.00483,{"date":354,"score":220,"percentile":355},"2026-01-31",0.00487,{"date":357,"score":220,"percentile":358},"2026-02-01",0.0049,[360],{"source":93,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":361,"cvss_v4_0":9},{"baseScore":91,"baseSeverity":362,"vectorString":94,"impactScore":363,"exploitabilityScore":364},"MEDIUM",6,4.6,[366,392],{"ecosystem":9,"name":367,"vendor":368,"product":368,"cpe_part":369,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":370},"Linux","linux","a",[371,378,381,384,387,390],{"version":372,"is_range":373,"range_type":99,"version_start":374,"version_start_type":375,"version_end":376,"version_end_type":377,"fixed_in":9},">= 8e6c8fa9f2e95c88a642521a5da19a8e31748846, \u003C c1172e65aad4b115392ea4c6e61e56e5b9b69df4",true,"8e6c8fa9f2e95c88a642521a5da19a8e31748846","including","c1172e65aad4b115392ea4c6e61e56e5b9b69df4","excluding",{"version":379,"is_range":373,"range_type":99,"version_start":374,"version_start_type":375,"version_end":380,"version_end_type":377,"fixed_in":9},">= 8e6c8fa9f2e95c88a642521a5da19a8e31748846, \u003C 1bf7e414cac303c9aec1be67872e19be8b64980c","1bf7e414cac303c9aec1be67872e19be8b64980c",{"version":382,"is_range":373,"range_type":99,"version_start":374,"version_start_type":375,"version_end":383,"version_end_type":377,"fixed_in":9},">= 8e6c8fa9f2e95c88a642521a5da19a8e31748846, \u003C b9b30af0e86ffb485301ecd83b9129c9dfb7ebf8","b9b30af0e86ffb485301ecd83b9129c9dfb7ebf8",{"version":385,"is_range":373,"range_type":99,"version_start":374,"version_start_type":375,"version_end":386,"version_end_type":377,"fixed_in":9},">= 8e6c8fa9f2e95c88a642521a5da19a8e31748846, \u003C 9cfa199bcbbbba31cbf97b2786f44f4464f3f29a","9cfa199bcbbbba31cbf97b2786f44f4464f3f29a",{"version":388,"is_range":373,"range_type":99,"version_start":374,"version_start_type":375,"version_end":389,"version_end_type":377,"fixed_in":9},">= 8e6c8fa9f2e95c88a642521a5da19a8e31748846, \u003C 9e2f9d34dd12e6e5b244ec488bcebd0c2d566c50","9e2f9d34dd12e6e5b244ec488bcebd0c2d566c50",{"version":391,"is_range":87,"range_type":99,"version_start":391,"version_start_type":375,"version_end":391,"version_end_type":375,"fixed_in":9},"5.13",{"ecosystem":9,"name":393,"vendor":368,"product":394,"cpe_part":395,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":396},"linux kernel","linux_kernel","o",[397,401],{"version":398,"is_range":373,"range_type":399,"version_start":391,"version_start_type":375,"version_end":400,"version_end_type":377,"fixed_in":9},"gte5.13_lt6.10.13","cpe","6.10.13",{"version":402,"is_range":373,"range_type":399,"version_start":403,"version_start_type":375,"version_end":404,"version_end_type":377,"fixed_in":9},"gte6.11_lt6.11.2","6.11","6.11.2"]