CVE-2023-53238

In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisiinnophyprobe The size of array 'priv-ports' is INNOPHYPORTNUM. In the for loop, 'i' is used as the index for array 'priv-ports' with a check i INNOPHYPORTNUM which indicates that...

CVE-2022-50315

In the Linux kernel, the following vulnerability has been resolved: ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS UBSAN complains about array-index-out-of-bounds: 1.980703 kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 1.980709 kernel:...

UBUNTU-CVE-2023-53238

In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisiinnophyprobe The size of array 'priv-ports' is INNOPHYPORTNUM. In the for loop, 'i' is used as the index for array 'priv-ports' with a check i INNOPHYPORTNUM which indicates that...

CVE-2022-50315 ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS

In the Linux kernel, the following vulnerability has been resolved: ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS UBSAN complains about array-index-out-of-bounds: 1.980703 kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 1.980709 kernel:...

USN-7751-1: SQLite vulnerability

It was discovered that the FTS5 SQLite extension incorrectly calculated certain array lengths. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-7751-1 sqlite3 vulnerability

It was discovered that the FTS5 SQLite extension incorrectly calculated certain array lengths. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2023-53238 phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()

In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisiinnophyprobe The size of array 'priv-ports' is INNOPHYPORTNUM. In the for loop, 'i' is used as the index for array 'priv-ports' with a check i INNOPHYPORTNUM which indicates that...

CVE-2022-50263

CVE-2022-50263 concerns the Linux kernel component vdpasim. The vulnerability stems from a memory leak when freeing IOTLBs: after the commit that added control virtqueue support, vdpasim->iommu became an array of IOTLBs, and mappings must be cleaned for each free IOTLB rather than deleting onl...

CVE-2023-53195

In the Linux kernel, the following vulnerability has been resolved: mlxsw: minimal: fix potential memory leak in mlxswmlinecardsinit The line cards array is not freed in the error path of mlxswmlinecardsinit, which can lead to a memory leak. Fix by freeing the array in the error path, thereby...

UBUNTU-CVE-2023-53195

In the Linux kernel, the following vulnerability has been resolved: mlxsw: minimal: fix potential memory leak in mlxswmlinecardsinit The line cards array is not freed in the error path of mlxswmlinecardsinit, which can lead to a memory leak. Fix by freeing the array in the error path, thereby...

UBUNTU-CVE-2023-53181

In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking on krealloc failure Currently dmaresvgetfences will leak the previously allocated array if the fence iteration got restarted and the kreallocarray fails. Free the old array by hand, and make sure we...

CVE-2023-53195 mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init

In the Linux kernel, the following vulnerability has been resolved: mlxsw: minimal: fix potential memory leak in mlxswmlinecardsinit The line cards array is not freed in the error path of mlxswmlinecardsinit, which can lead to a memory leak. Fix by freeing the array in the error path, thereby...

CVE-2023-53181 dma-buf/dma-resv: Stop leaking on krealloc() failure

In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking on krealloc failure Currently dmaresvgetfences will leak the previously allocated array if the fence iteration got restarted and the kreallocarray fails. Free the old array by hand, and make sure we...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper array bounds checking, which could lead to out-of-bounds writes...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from uninitialized array access and could lead to a filename handling exception...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not freeing an array of line cards in the wrong path, which could lead to a memory leak...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly locking physical CPU numbers, which could lead to out-of-bounds access to arrays...

exploit_me

This is a vulnerable ARM/AARCH64 application, specifically designed for a CTF Capture The Flag style exploitation tutorial. The application is written in C and is intended to demonstrate various types of vulnerabilities, including integer overflow, stack overflow, array overflow, off-by-one, stac...

CVE-2025-7709

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds...

SUSE CVE-2025-38731

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vmbindioctl double free bug If the argument check during an array bind fails, the bindops are freed twice as seen below. Fix this by setting bindops to NULL after freeing...