kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq

in linux kernel, shift undefined behavior occurs in bnxtqpliballocinithwq with hwqattr-auxdepth of nonzero and hwqattr-auxstride of zero...

kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq

in linux kernel, shift undefined behavior occurs in bnxtqpliballocinithwq with hwqattr-auxdepth of nonzero and hwqattr-auxstride of zero...

SUSE CVE-2022-48906

In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATAFIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large number of DATAFIN retransmits caused a shift-out-of-bounds in the DATAFIN timeout calculation:...

DEBIAN-CVE-2022-48906

In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATAFIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large number of DATAFIN retransmits caused a shift-out-of-bounds in the DATAFIN timeout calculation:...

UBUNTU-CVE-2022-48906

In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATAFIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large number of DATAFIN retransmits caused a shift-out-of-bounds in the DATAFIN timeout calculation:...

PT-2024-32245 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the initialization of the vmap block structure in the Linux kernel. When a new vmap block is being instantiated by new vmap block, the partially initialized...

kernel: media: gspca: cpia1: shift-out-of-bounds in set_flicker

In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in setflicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit type 'int' When the...

kernel: wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211gettxpower We can get a UBSAN warning if ieee80211gettxpower returns the INTMIN value mac80211 internally uses for "unset power level". UBSAN: signed-integer-overflow in...

kernel: media: gspca: cpia1: shift-out-of-bounds in set_flicker

In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in setflicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit type 'int' When the...

UBUNTU-CVE-2024-42148

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equal to FPSBMAXE1x...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from a UBSAN array index out-of-bounds in the bnx2x module when using systems with more than 32 physical CPU cor...

XMP Toolkit's `XmpFile::close` can trigger undefined behavior

Affected versions of the crate failed to catch C++ exceptions raised within the XmpFile::close function. If such an exception occurred, it would trigger undefined behavior, typically a process abort. This is best demonstrated in issue 230, where a race condition causes the close call to fail due ...

`XmpFile::close` can trigger UB

Affected versions of the crate failed to catch C++ exceptions raised within the XmpFile::close function. If such an exception occured, it would trigger undefined behavior, typically a process abort. This is best demonstrated in issue 230, where a race condition causes the close call to fail due t...

SUSE CVE-2024-40987

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix UBSAN warning in kvdpm.c Adds bounds check for sumovidmappingentry...

PT-2024-40915 · Unknown · Xmp Toolkit

Name of the Vulnerable Software and Affected Versions: xmp toolkit versions prior to 1.9.0 Description: The issue arises when C++ exceptions are raised within the XmpFile::close function, leading to undefined behavior, typically a process abort. This can be triggered by a race condition causing...

kernel: ext4: fix double-free of blocks due to wrong extents moved_len

A vulnerability was found in the Linux kernel. This issue occurs in the ext4 function, in ext4moveextents, where an error in updating the movedlen variable can lead to double-free of blocks and corrupt block accounting. This could lead to crashes or undefined behavior...

GHSA-Q445-7M23-QRMW openssl's `MemBio::get_buf` has undefined behavior with empty buffers

Previously, MemBio::getbuf called slice::fromrawparts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed...

RUSTSEC-2024-0357 `MemBio::get_buf` has undefined behavior with empty buffers

Previously, MemBio::getbuf called slice::fromrawparts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed...

`MemBio::get_buf` has undefined behavior with empty buffers

Previously, MemBio::getbuf called slice::fromrawparts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed...

OESA-2024-1864 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: bnxtre: avoid shift undefined behavior in bnxtqpliballocinithwq Undefined behavior is triggered when bnxtqpliballocinithwq is called with hwqattr-auxdepth != 0 a...