41 matches found
SUSE CVE-2026-46282
In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...
GHSA-W86F-RF9W-H3X6 FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading
Summary An unauthenticated attacker Alice connects to FUXA's Socket.IO endpoint and emits a device-webapi-request event whose property.address field names an arbitrary URL. FUXA's DEVICEWEBAPIREQUEST handler at server/runtime/index.js:296 calls axios.getaddress server-side and broadcasts the full...
FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading
Summary An unauthenticated attacker Alice connects to FUXA's Socket.IO endpoint and emits a device-webapi-request event whose property.address field names an arbitrary URL. FUXA's DEVICEWEBAPIREQUEST handler at server/runtime/index.js:296 calls axios.getaddress server-side and broadcasts the full...
CVE-2026-46282
In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...
EUVD-2026-35147
In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...
CVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on str
In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Device property: Fixed the node refcount leak in fwnodegraphgetnextendpoint. The “parent” returned by fwnodegraphgetportparent has its refcount incremented when ‘prev’ is not NULL. This variable needs to be set after using it...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993072)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993072 advisory. In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devmkmallocarray in fdpncii2creaddeviceproperties devmkmallocarray ma...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990762)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990762 advisory. In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devmkmallocarray in fdpncii2creaddeviceproperties devmkmallocarray ma...
AZL-68150 CVE-2025-39937 affecting package kernel for versions less than 6.6.112.1-1
In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda "net: rfkill: gpio: get the name and type from device property" rfkillfindtype gets called with the possibly uninitialized "const...
UBUNTU-CVE-2025-39937
In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda "net: rfkill: gpio: get the name and type from device property" rfkillfindtype gets called with the possibly uninitialized "const...
EUVD-2022-55171
Malicious code in bioql PyPI...
EUVD-2025-13123
Malicious code in bioql PyPI...
xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing f...
CVE-2023-53139
The CVE-2023-53139 issue is in the Linux kernel’s NFC FDP code: it adds a null check for devm_kmalloc_array in fdp_nci_i2c_read_device_properties. If devm_kmalloc_array fails and fw_vsc_cfg is NULL, an out-of-bounds write can occur in device_property_read_u8_array. The vulnerability is addressed ...
SUSE CVE-2022-49752
In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnodegraphgetnextendpoint The 'parent' returned by fwnodegraphgetportparent with refcount incremented when 'prev' is not NULL, it needs be put when finish using it. Because the paren...
DEBIAN-CVE-2022-49752
In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnodegraphgetnextendpoint The 'parent' returned by fwnodegraphgetportparent with refcount incremented when 'prev' is not NULL, it needs be put when finish using it. Because the paren...
UBUNTU-CVE-2022-49752
In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnodegraphgetnextendpoint The 'parent' returned by fwnodegraphgetportparent with refcount incremented when 'prev' is not NULL, it needs be put when finish using it. Because the paren...
CVE-2022-49752 device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()
In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnodegraphgetnextendpoint The 'parent' returned by fwnodegraphgetportparent with refcount incremented when 'prev' is not NULL, it needs be put when finish using it. Because the paren...
CVE-2022-49752 device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()
In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnodegraphgetnextendpoint The 'parent' returned by fwnodegraphgetportparent with refcount incremented when 'prev' is not NULL, it needs be put when finish using it. Because the paren...