477 matches found
CVE-2022-50778 fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL
In the Linux kernel, the following vulnerability has been resolved: fortify: Fix compiletimestrlen under UBSANBOUNDSLOCAL With CONFIGFORTIFY=y and CONFIGUBSANLOCALBOUNDS=y enabled, we observe a runtime panic while running Android's Compatibility Test Suite's CTS android.hardware.input.cts.tests...
CVE-2023-54056 kheaders: Use array declaration instead of char
In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIGFORTIFYSOURCE, memcpy will check the size of destination and source buffers. Defining kernelheadersdata as "char" would trip this check. Since these addresses are treate...
CVE-2023-54056
The CVE-2023-54056 entry concerns the Linux kernel kheaders path. The underlying issue was that kernel_headers_data was defined as a char array, which trips FortifySource checks during memcpy by treating addresses as byte arrays; the fix is to define them as proper arrays (as with other code path...
CVE-2023-54056 kheaders: Use array declaration instead of char
In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIGFORTIFYSOURCE, memcpy will check the size of destination and source buffers. Defining kernelheadersdata as "char" would trip this check. Since these addresses are treate...
PT-2025-53054
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to kheaders. Specifically, the use of a 'char' declaration instead of an array declaration for kernel headers data could trigger a buffer overfl...
Linux Distros Unpatched Vulnerability : CVE-2022-50778
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fortify: Fix compiletimestrlen under UBSANBOUNDSLOCAL With CONFIGFORTIFY=y and CONFIGUBSANLOCALBOUNDS=y enabled, we observe a runtime panic while running...
SUSE CVE-2025-40363
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6output and ah6outputdone where extension headers are copied to/from IPv6 address fields, triggering fortify-string warnings about...
CVE-2025-40363
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6output and ah6outputdone where extension headers are copied to/from IPv6 address fields, triggering fortify-string warnings about...
CVE-2025-40363 net: ipv6: fix field-spanning memcpy warning in AH output
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6output and ah6outputdone where extension headers are copied to/from IPv6 address fields, triggering fortify-string warnings about...
kernel: scsi: lpfc: Use memcpy() for BIOS version
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy for BIOS version The strlcat with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway, instead of memset with...
EUVD-2023-60055
The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper input parsing or memory handling, resulting...
kernel: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ipvsprotocolinit Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for...
kernel: scsi: lpfc: Use memcpy() for BIOS version
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy for BIOS version The strlcat with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway, instead of memset with...
kernel: scsi: lpfc: Use memcpy() for BIOS version
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy for BIOS version The strlcat with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway, instead of memset with...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990608)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990608 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989856)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989856 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------ cut here...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989424)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989424 advisory. In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfctarget arrays While running under CONFIGFORTIFYSOURCE=y, syzkall...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990241)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990241 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------ cut here...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: The crash in timerlatdumpstack has been fixed. We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overflow: 88 bytes written to a buffer...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26907)
RDMA/mlx5: Fixed fortify source warning while accessing Eth segment. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503475; scriptversion"1.2";...