GHSA-RP9H-RF7G-HWGR s2n-tls has undefined behavior at process exit

Impact s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a...

s2n-tls has undefined behavior at process exit

Impact s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a...

`simd-json-derive` vulnerable to `MaybeUninit` misuse

An invalid use of MaybeUninit::uninit.assumeinit in simd-json-derive's derive macro can cause undefined behavior. The original code used MaybeUninit to avoid initialisation of the struct and then set the fields using ptr::write. The undefined behavior triggered by this misuse of MaybeUninit can...

`fast-float` has multiple soundness issues

fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...

kernel: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use flexible array sizes, use flexible arrays...

kernel: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound UBSAN with byte size cells If a cell has 'nbits' equal to a multiple of BITSPERBYTE the logic p &= GENMASKcell-nbits%BITSPERBYTE - 1, 0; will become undefined behavior because nbits modulo BITSPERBYT...

kernel: mptcp: really cope with fastopen race

A vulnerability was found in the subflowsimultaneousconnect function in the mptcp component in the Linux kernel, where not all possible subflow states are evaluated, leading to a potential race condition. This issue could lead to undefined network behavior...

kernel: Linux kernel: ACPICA undefined behavior due to zero offset to null pointer

A flaw was found in ACPICA in the Linux kernel. This vulnerability allows for a denial of service via a null pointer dereference...

bpftool: Fix undefined behavior in qsort(NULL 0 ...)

...

PT-2024-40411 · Unknown · Simd-Json-Derive

Name of the Vulnerable Software and Affected Versions: simd-json-derive versions prior to 0.12.0 Description: The issue arises from an invalid use of MaybeUninit::uninit.assume init in the derive macro of simd-json-derive, leading to undefined behavior. This misuse can cause invalid memory access...

PT-2024-40524 · Unknown · Fast-Float

Name of the Vulnerable Software and Affected Versions: fast-float affected versions not specified Description: The fast-float library contains soundness issues, including undefined behavior when checking input length and functions marked as safe with non-local safety guarantees. The library is al...

CVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a UBSAN warning in DML2.1 When programming phantom pipe, since cursorwidth is explicity set to 0, this causes calculation logic to trigger overflow for an unsigned int triggering the kernel's UBSAN check as...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an integer overflow problem when a UBSAN warning is triggered...

UBUNTU-CVE-2024-50139

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug Fix a shift-out-of-bounds bug reported by UBSAN when running VM with MTE enabled host kernel. UBSAN: shift-out-of-bounds in arch/arm64/kvm/sysregs.c:1988:14 shift exponent 33 is too large f...

CVE-2024-50139 KVM: arm64: Fix shift-out-of-bounds bug

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug Fix a shift-out-of-bounds bug reported by UBSAN when running VM with MTE enabled host kernel. UBSAN: shift-out-of-bounds in arch/arm64/kvm/sysregs.c:1988:14 shift exponent 33 is too large f...

CLSA-2024-1730919625 Fix CVE(s): CVE-2020-27773, CVE-2020-27775

SECURITY UPDATE: Integer overflow vulnerability in gem-private.h - debian/patches/CVE-2020-27773.patch: fix gamma calculation to prevent division by zero in ConvertLuvToXYZ function - CVE-2020-27773 SECURITY UPDATE: Undefined behaviour in quantum.h - debian/patches/CVE-2020-27775.patch: fix...

ABB Cylon Aspect 3.08.00 Off-By-One Vulnerability

A vulnerability was identified in a ABB Cylon Aspect version 3.08.00 where an off-by-one error in array access could lead to undefined behavior and potential denial of service. The issue arises in a loop that iterates over an array using a less than or equals to condition, allowing access to an...

kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq

in linux kernel, shift undefined behavior occurs in bnxtqpliballocinithwq with hwqattr-auxdepth of nonzero and hwqattr-auxstride of zero...

kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq

in linux kernel, shift undefined behavior occurs in bnxtqpliballocinithwq with hwqattr-auxdepth of nonzero and hwqattr-auxstride of zero...

PT-2024-40925 · Unknown · Fast-Float

Name of the Vulnerable Software and Affected Versions: fast-float affected versions not specified Description: The fast-float library contains soundness issues, including undefined behavior when checking input length and functions marked as safe with non-local safety guarantees. The library is al...