Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to clear cache lines during SNP memory validation, which could lead to a cache coherency vulnerability...

PT-2025-33759

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a cache coherency vulnerability within the x86/sev subsystem related to Secure Nested Paging SNP memory validation. The issue requires cache line eviction...

CVE-2025-38310 seg6: Fix validation of nexthop addresses

In the Linux kernel, the following vulnerability has been resolved: seg6: Fix validation of nexthop addresses The kernel currently validates that the length of the provided nexthop address does not exceed the specified length. This can lead to the kernel reading uninitialized memory if user space...

CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

CVE-2021-30285

Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking...

CVE-2021-30266

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

CVE-2020-3632

u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P...

CVE-2022-49666

In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add addpages override for PPC With commit ffa0b64e3be5 "powerpc: Fix virtaddrvalid for 64-bit Book3E & 32-bit" the kernel now validate the addr against highmemory value. This results in the below BUGON with da...

CVE-2022-49666

In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add addpages override for PPC With commit ffa0b64e3be5 "powerpc: Fix virtaddrvalid for 64-bit Book3E & 32-bit" the kernel now validate the addr against highmemory value. This results in the below BUGON with da...

CVE-2022-49067 powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit

In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virtaddrvalid for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way pa works we have: pa0x8000000000000000 == 0, and therefore virttopfn0x8000000000000000 == ...

CVE-2024-11950

CVE-2024-11950 affects XnSoft XnView Classic due to an integer underflow in RWZ file parsing. The flaw allows code execution via remote attacker control after user visits a malicious page or opens a malicious RWZ, with the issue arising from inadequate validation of input data and an underflow be...

CLSA-2024-1726773716 Fix CVE(s): CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094

Backport upstream's fixes from OpenJDK 8u412 release. - CVE-2024-21011: possible crash on long exception message in Hotspot. - CVE-2024-21068: incorrect applying an unsigned integer left shift in Hotspot. - CVE-2024-21085: incorrect memory size validation by the NativeUnpack class. -...

CVE-2023-39486 PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability

PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit...

CVE-2024-0050

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...

AMD Embedded Processors Vulnerabilities – February 2024

Bulletin ID: AMD-SB-5001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization PI firmware packages. CVE...

PT-2024-41505

Name of the Vulnerable Software and Affected Versions: linux in Debian Linux affected versions not specified Description: The vulnerability involves evicting cache lines during Secure Nested Paging SNP memory validation in x86 systems. This issue affects Debian Linux. Recommendations: At the...

Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-82673)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects versions 18.4....

PT-2023-2952 · Horner Automation · Cscape

Name of the Vulnerable Software and Affected Versions: Horner Automation Cscape affected versions not specified Description: The issue is related to an out-of-bounds write in memory due to a lack of proper validation of user-supplied data when parsing project files, such as HMI files. This could...

USN-5231-1 389-ds-base vulnerabilities

It was discovered that 389 Directory Server presented to users, during authentication, an error message which could be used to discover if a certain LDAP DN existed or not. A remote unauthenticated attacker could possibly use this to check the existence of an entry in a LDAP database and expose...

Omron CX-Position Buffer Overflow Vulnerability

Omron CX-Position is a position control software from Omron Corporation of Japan. Simplifies all aspects of position control, from creating/editing data used in a position control unit NC unit to online communication and monitoring operations.Omron CX-Position suffers from a buffer overflow...