CVE-2025-21811 nilfs2: protect access to buffers with no active references

In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references nilfslookupdirtydatabuffers, which iterates through the buffers attached to dirty data folios/pages, accesses the attached buffers without locking the folios/pages. For...

CVE-2025-21811 nilfs2: protect access to buffers with no active references

In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references nilfslookupdirtydatabuffers, which iterates through the buffers attached to dirty data folios/pages, accesses the attached buffers without locking the folios/pages. For...

CVE-2025-21811

CVE-2025-21811 affects the Linux kernel NILFS2 component. The vulnerability stems from nilfs_lookup_dirty_data_buffers() iterating buffers attached to dirty data folios/pages and accessing buffers without proper locking, creating a use-after-free risk when buffers lose dirty state due to asynchro...

CVE-2025-21811 nilfs2: protect access to buffers with no active references

In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references nilfslookupdirtydatabuffers, which iterates through the buffers attached to dirty data folios/pages, accesses the attached buffers without locking the folios/pages. For...

CVE-2025-21811

In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references nilfslookupdirtydatabuffers, which iterates through the buffers attached to dirty data folios/pages, accesses the attached buffers without locking the folios/pages. For...

CVE-2022-49515 ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t

In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fix an out-of-bounds access in otppackedelementt The CS35L41NUMOTPELEM is 100, but only 99 entries are defined in the array otpmap1/2CS35L41NUMOTPELEM, this will trigger UBSAN to report a shift-out-of-bounds warnin...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the usb:cdc-acm module not checking the transfer buffer size before accessing it...

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTKs. An attacker could use a specially crafted USB device or smart card, which would send a specially crafted response to APDUs to the system. When buffers are partially filled with data, the initialized...

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in the pkcs15-init tool in OpenSC. An attacker could use a specially crafted USB Device or Smart Card, which would send a specially crafted response to APDUs to the system. When buffers are partially filled with data, the initialized parts of the buffer can be...

CVE-2020-16101

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166MR3, v8.10 prior to v8.10.1211MR5, v8.00 prior to v8.00.1228MR6, all versions of 7.90 and earlier...

Security Bulletin: Out of bound read/write access vulnerability in IBM® SDK, Java™ Technology Edition version 8 may affect IBM Storage Protect Operations Center (CVE-2024-3933)

Summary Unrestricted out-of-bound read / write access vulnerability CVE-2024-3933 exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Operations Center. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated...

Security Bulletin: A vulnerability in IBM Java Runtime affects Tivoli Netcool/OMNIbus. (CVE-2024-3933)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Linux on IBM Z Systems. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass...

CVE-2024-57802

CVE-2024-57802 concerns the Linux kernel netrom path. The issue arises when sending raw messages through ieee802154, where nr_route_frame may read uninitialized data due to not validating the skb buffer length. The root cause is a missing skb->len check before accessing skb->data in nr_rout...

CVE-2025-22134 heap-buffer-overflow with visual mode in Vim < 9.1.1003

When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visu...

CVE-2025-22134

When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visu...

CVE-2024-47774

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstavisubtitleparsegab2chunk function within gstavisubtitle.c. The function reads the namelength value directly from the input file without checking it properly. Then,...

CVE-2024-33040 Use After Free in Camera Driver

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access...

CVE-2024-33040

CVE-2024-33040 corresponds to a memory corruption issue reported in Qualcomm camera driver code, caused by a race condition between releasing a user-space buffer and subsequent kernel-space access due to a redundant release command. Affected component is a camera driver (Qualcomm chipset context)...

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2024 - Includes OpenJDK Apr 2024 CPU

Summary IBM Semeru Runtime Quarterly CPU - Apr 2024 is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impacts...

Security Bulletin: Out of bound read/write access vulnerability in IBM® SDK, Java™ Technology Edition version 8 may affect IBM Storage Protect Server (CVE-2024-3933)

Summary Unrestricted out-of-bound read / write access vulnerability CVE-2024-3933 exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Server. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to...