2521 matches found
CVE-2024-56540
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery invocation during probe and resume Refactor IPC send and receive functions to allow correct handling of operations that should not trigger a recovery process. Expose ivpusendreceiveinternal, which is...
CVE-2024-56608
CVE-2024-56608 affects the Linux kernel in the AMD display driver (drm/amd/display) where dcn21_link_encoder_create could perform an out-of-bounds access on the link_enc_hpd_regs array. The connected TencentOS NASL notes the issue is present in kernels prior to 5.15.182.1-1 and that a patch updat...
CVE-2024-56608 drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds access in 'dcn21linkencodercreate' An issue was identified in the dcn21linkencodercreate function where an out-of-bounds access could occur when the hpdsource index was used to reference the...
AZL-54936 CVE-2024-53156 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...
UBUNTU-CVE-2024-53156
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
The VariantStrIter::implget function called internally by implementations of the Iterator and DoubleEndedIterator traits for this type was unsound, resulting in undefined behaviour. An immutable reference &p to a mut libc::cchar pointer initialized to NULL was passed as an argument to a C functio...
Unsound usages of `u8` type casting in spl-token-swap
The library provides a safe public API unpack to cast u8 array to arbitrary types, which can cause to undefined behaviors. The length check of array can only prevent out-of-bound access on the return type. However, it can't prevent misaligned pointer when casting u8 pointer to a type aligned to...
GHSA-H6XM-C6R4-VMWF Unsound usages of `u8` type casting in spl-token-swap
The library provides a safe public API unpack to cast u8 array to arbitrary types, which can cause to undefined behaviors. The length check of array can only prevent out-of-bound access on the return type. However, it can't prevent misaligned pointer when casting u8 pointer to a type aligned to...
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
An issue was identified in the VmFd::createdevice function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvmcreatedevice argument to an immutabl...
GHSA-3QX8-RV27-J6GP Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
An issue was identified in the VmFd::createdevice function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvmcreatedevice argument to an immutabl...
PT-2024-40054 · Unknown · Kvm-Ioctls
Name of the Vulnerable Software and Affected Versions: kvm-ioctls versions 0.1.0 through 0.19.0 Description: An issue in the VmFd::create device function leads to undefined behavior and miscompilations due to a violation of Rust's pointer safety rules. The function incorrectly downcasts a mutable...
PT-2024-40316 · Solana · Solana Program Library
Name of the Vulnerable Software and Affected Versions: Solana Program Library affected versions not specified Description: The issue arises from the unpack function in the library, which casts a u8 array to arbitrary types. This can lead to undefined behaviors due to misaligned pointer dereferenc...
PT-2024-40510 · Glib · Glib
Name of the Vulnerable Software and Affected Versions: glib versions 0.15.0 and later Description: The VariantStrIter::impl get function was unsound, resulting in undefined behavior due to an immutable reference being passed to a C function that mutates the pointer in-place. This caused crashes d...
RUSTSEC-2024-0435 Unsound usages of `Vec::from_raw_parts`
The library provides a public safe API transmutevecasbytes, which incorrectly assumes that any generic type T could have stable layout, causing to uninitialized memory exposure if the users pass any types with padding bytes as T and cast it to u8 pointer. In the issue, we develop a PoC to show...
Unsound usages of `u8` type casting
The library provides a safe public API unpack to cast u8 array to arbitrary types, which can cause to undefined behaviors. The length check of array can only prevent out-of-bound access on the return type. However, it can't prevent misaligned pointer when casting u8 pointer to a type aligned to...
RUSTSEC-2024-0426 Unsound usages of `u8` type casting
The library provides a safe public API unpack to cast u8 array to arbitrary types, which can cause to undefined behaviors. The length check of array can only prevent out-of-bound access on the return type. However, it can't prevent misaligned pointer when casting u8 pointer to a type aligned to...
PT-2024-40969 · Solana · Solana Program Library
Name of the Vulnerable Software and Affected Versions: Solana Program Library affected versions not specified Description: The issue arises from the unpack function in the library, which can lead to undefined behavior when casting a u8 array to arbitrary types. This is due to the potential for...
CVE-2024-47600
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the formatchannelmask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the...
Unspecified Vulnerability in FFmpeg (CNVD-2025-01686)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg version n6.1.1, which can be exploited by attackers to cause undefined behavior or a crash during decoding...
RUSTSEC-2024-0428 Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
An issue was identified in the VmFd::createdevice function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvmcreatedevice argument to an immutabl...