10998 matches found
DEBIAN-CVE-2022-49952
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoid corrupting memory beyond the fixed-size slab-allocated session array when there are more than FASTRPCMAXSESSIONS...
UBUNTU-CVE-2022-50066
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aqvec index out of range error The final update statement of the for loop exceeds the array range, the dereference of self-aqveci is not checked and then leads to the index out of range error. Also fixed this...
UBUNTU-CVE-2022-50167
In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elemsize are u32. Fix this everywhere by forcing 64-bit...
CVE-2022-50167 bpf: fix potential 32-bit overflow when accessing ARRAY map element
In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elemsize are u32. Fix this everywhere by forcing 64-bit...
CVE-2022-50167
CVE-2022-50167 affects the Linux kernel’s BPF array map element access. When an array map is larger than 4GB, the element pointer calculation can overflow because index and elem_size are 32-bit. The fix forces 64-bit multiplication, extracts the formula into a separate helper, and uses it consist...
CVE-2022-50167 bpf: fix potential 32-bit overflow when accessing ARRAY map element
In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elemsize are u32. Fix this everywhere by forcing 64-bit...
CVE-2022-50066 net: atlantic: fix aq_vec index out of range error
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aqvec index out of range error The final update statement of the for loop exceeds the array range, the dereference of self-aqveci is not checked and then leads to the index out of range error. Also fixed this...
CVE-2022-49985
The CVE-2022-49985 entry concerns the Linux kernel, where the BPF component allowed a range check descriptor to misrepresent a tight range because tnum_range(0, map->max_entries-1) may yield a superset of the intended values. The root cause is that the tnum-based range representation can erron...
CVE-2022-49945
The CVE-2022-49945 issue affects the Linux kernel hwmon gpio-fan driver. The vulnerability occurs because gpio_fan_set_cur_state() does not validate the cooling state against fan_data->num_speeds, allowing an out-of-bounds index in set_fan_speed(). Practical impact is potential kernel oops or ...
CVE-2022-49945 hwmon: (gpio-fan) Fix array out of bounds access
In the Linux kernel, the following vulnerability has been resolved: hwmon: gpio-fan Fix array out of bounds access The driver does not check if the cooling state passed to gpiofansetcurstate exceeds the maximum cooling state as stored in fandata-numspeeds. Since the cooling state is later used as...
CVE-2022-49945
In the Linux kernel, the following vulnerability has been resolved: hwmon: gpio-fan Fix array out of bounds access The driver does not check if the cooling state passed to gpiofansetcurstate exceeds the maximum cooling state as stored in fandata-numspeeds. Since the cooling state is later used as...
DEBIAN-CVE-2025-38054
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements in the freqin and signalout arrays, causing NULL pointer dereferences and triggering a kernel Oops...
CVE-2025-38054
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements in the freqin and signalout arrays, causing NULL pointer dereferences and triggering a kernel Oops...
CVE-2025-38013
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set nchannels after allocating struct cfg80211scanrequest Make sure that nchannels is set after allocating the struct cfg80211registereddevice::intscanreq member. Seen with syzkaller: UBSAN:...
UBUNTU-CVE-2025-38054
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements in the freqin and signalout arrays, causing NULL pointer dereferences and triggering a kernel Oops...
UBUNTU-CVE-2025-38013
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set nchannels after allocating struct cfg80211scanrequest Make sure that nchannels is set after allocating the struct cfg80211registereddevice::intscanreq member. Seen with syzkaller: UBSAN:...
CVE-2025-38054 ptp: ocp: Limit signal/freq counts in summary output functions
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements in the freqin and signalout arrays, causing NULL pointer dereferences and triggering a kernel Oops...
CVE-2025-38054
The CVE-2025-38054 issue affects the Linux kernel PTP clock framework (ocp) in debugfs summary output. It could dereference NULL or access out-of-bounds elements in freq_in[] and signal_out[] due to uninitialized elements. The fix adds per-array counters (nr_freq_in, nr_signal_out) with a maximum...
CVE-2025-38013 wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set nchannels after allocating struct cfg80211scanrequest Make sure that nchannels is set after allocating the struct cfg80211registereddevice::intscanreq member. Seen with syzkaller: UBSAN:...
CVE-2025-38013
CVE-2025-38013 (Linux kernel) : Affected component is the wifi/mac80211 path. The issue is a UBSAN/array-index-out-of-bounds condition reported when setting n_channels during scan request construction, caused by allocating the scan request before the int_scan_req structure is allocated. The fix r...