CVE-2024-26772

A vulnerability was found in the ext4mbfindbygoal function in the Linux kernel. This issue could lead to memory corruption or crashes due to the allocation of blocks from a group with a corrupted block bitmap...

CVE-2024-26772

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4mbfindbygoal Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group with a...

CVE-2024-26773

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4mbtrybestfound Determine if the group block bitmap is corrupted before using acbex in ext4mbtrybestfound to avoid allocating blocks from a group with a corrupted block...

CVE-2024-26772

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4mbfindbygoal Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group with a...

CVE-2024-26707 net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()

In the Linux kernel, the following vulnerability has been resolved: net: hsr: remove WARNONCE in sendhsrsupervisionframe Syzkaller reported 1 hitting a warning after failing to allocate resources for skb in hsrinitskb. Since a WARNONCE call will not help much in this case, it might be prudent to...

Integer Overflow

gtkwave is vulnerable to Integer Overflow.The vulnerability is due to insufficient input validation and bounds checking within the VZT facgeometry parsing functionality in .vzt file, allow attackers to manipulate certain input parameters during the allocation of the rows array...

Integer Overflow

gtkwave is vulnerable to Integer Overflow.The vulnerability is due to insufficient input validation and bounds checking within the VZT facgeometry parsing functionality in .vzt file, allow attackers to manipulate certain input parameters during the allocation of the vindexoffset array...

Integer Overflow

gtkwave is vulnerable to Integer Overflow.The vulnerability is due to insufficient input validation and bounds checking within the VZT facgeometry parsing functionality in .vzt file, allow attackers to manipulate certain input parameters during the allocation of the flags array...

Integer Overflow

gtkwave is vulnerable to Integer Overflow.The vulnerability is due to insufficient input validation and bounds checking within the VZT facgeometry parsing functionality in .vzt file, allow attackers to manipulate certain input parameters during the allocation of the lsb array...

CVE-2021-47146 mld: fix panic in mld_newpack()

In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mldnewpack mldnewpack doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skbput. Test commands: ip netns del A ip netns de...

CVE-2021-47136 net: zero-initialize tc skb extension on allocation

In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skbextadd doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TCSKBEXT originally contained only sing...

CVE-2021-47136

In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skbextadd doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TCSKBEXT originally contained only sing...

CVE-2024-2002

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to deallocfree an allocation twice, potentially causing unpredictable and various results...

CVE-2024-2002 Libdwarf: crashes randomly on fuzzed object

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to deallocfree an allocation twice, potentially causing unpredictable and various results...

CVE-2024-2002

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to deallocfree an allocation twice, potentially causing unpredictable and various results...

CVE-2024-26618

In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit smealloc early with existing storage When smealloc is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...

BIT-TENSORFLOW-2020-15213 Denial of service in tensorflow-lite

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor,...

BIT-TENSORFLOW-2022-21733 Memory exhaustion in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on padwitdh and that result in computing a negative value for...

BIT-TENSORFLOW-2022-23567 Integer overflows in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

BIT-TENSORFLOW-2022-23580 Abort caused by allocating a vector that is too large in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...