Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to free the page array when watchqueue is disassembled...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from dsa that could lead to array out-of-bounds access and crashes when synchronizing VLAN filtering across chips...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an array out-of-bounds when accessing compander of aux in rx-macro...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check macid in the rtw89phycfoparse function, resulting in an array out-of-bounds...

GHSA-4W26-8P97-F4JP AugAssign evaluation order causing OOB write within the object in Vyper

Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write...

PYSEC-2025-31

vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...

Linux kernel buffer overflow vulnerability (CNVD-2025-03434)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a buffer overflow vulnerability that originates from a boundary checking error in the imixentries array in the getimixentries function of pktgen, whic...

A malicious manifests can lead to DoS due to unchecked array bound access via network in ollama/ollama

This report is not public...

SUSE CVE-2024-1874

In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS when an empty array is processed with oneflow.dot...

CVE-2024-36732

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS when an empty array is processed with oneflow.tensordot...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: It was determined that processstring also allows arrays. To address a common bug where TRACEEVENT’s TPfastassign assigns the address of an allocated string to the ring buffer and then references it in TPPrintk, which can...

Astra Linux – Vulnerability in dcmtk

There is an improper array index validation vulnerability in the nowindow functionality of OFFIS DCMT 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mwifiex: Fixed a warning regarding memcpy operations that span entire fields in mwifiexcmd80211scanext. This fix involves replacing a one-element array with a flexible-array member in the struct hostcmdds80211scanext...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: For Wi-Fi-related modules, such as mwifiex: The issue of warning messages during memcpy operations that span multiple fields in mwifiexconfigscan has been fixed. To address this issue, replace the one-element array in the struct...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. Functions like plparhcall, plparhcall9, and related functions expect callers to provide valid result buffers of a certain minimum size. Currently, this is only...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisipcie: Fixed out-of-bound access when a valid event group is used. The perf tool allows users to create event groups using the cmd 1. However, the driver does not check whether the array index is out of bounds wh...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Check gpioid before using it as an array index. WHY & HOW The value “GPIOIDUNKNOWN -1” is not a valid value for an array index. Therefore, this value should be checked in advance. This fix resolves 5 OVERRUN...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: toshibaacpi – Fixed array out-of-bounds access. In order to use toshibadmiquirks together with the standard DMI-related functions, it is necessary to end the list with an empty entry. Since this entry is missing, an...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: speakup: Fixed the bug where sizeof was used instead of ARRAYSIZE. The “buf” pointer is an array of u16 values. This code should use ARRAYSIZE which is 256, instead of sizeof which is 512. Otherwise, it may still lead to...