DEBIAN-CVE-2022-48885

In the Linux kernel, the following vulnerability has been resolved: ice: Fix potential memory leak in icegnssttywrite The icegnssttywrite return directly if the writebuf alloc failed, leaking the cmdbuf. Fix by free cmdbuf if writebuf alloc failed...

tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer

...

CVE-2024-39472

In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy hsize fixup Commit a70f9fe52daa "xfs: detect and handle invalid iclog size set by mkfs" added a fixup for incorrect hsize values used for the initial umount record in old...

CVE-2024-39472 xfs: fix log recovery buffer allocation for the legacy h_size fixup

In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy hsize fixup Commit a70f9fe52daa "xfs: detect and handle invalid iclog size set by mkfs" added a fixup for incorrect hsize values used for the initial umount record in old...

CVE-2024-39472

CVE-2024-39472 affects the Linux kernel XFS log recovery path. The issue arises from incorrect h_size handling for the legacy h_size fixup during the initial umount record, where earlier changes to LR header block calculation allowed an out-of-bounds access when h_size didn’t originate from the o...

SUSE CVE-2024-36477

In the Linux kernel, the following vulnerability has been resolved: tpmtisspi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAXSPIFRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account...

AZL-42829 CVE-2024-36477 affecting package kernel for versions less than 6.6.35.1-4

In the Linux kernel, the following vulnerability has been resolved: tpmtisspi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAXSPIFRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account...

UBUNTU-CVE-2024-36477

In the Linux kernel, the following vulnerability has been resolved: tpmtisspi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAXSPIFRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the tpmtisspi module not considering SPI headers when allocating TPMSPIxfer buffers...

DEBIAN-CVE-2024-38559

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is...

DEBIAN-CVE-2024-38549

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtkdrmgemobj Add a check to mtkdrmgeminit if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to...

CVE-2024-38549

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtkdrmgemobj Add a check to mtkdrmgeminit if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to...

CVE-2024-38560

The CVE-2024-38560 entry concerns Linux kernel SCSI (bfa) code. A vulnerable path copies nbytes from userspace into a kernel buffer without guaranteeing a NUL terminator, enabling an OOB read when sscanf is applied. The issue is fixed by replacing memdup_user with memdup_user_nul to ensure proper...

CVE-2024-36931 s390/cio: Ensure the copied buf is NUL terminated

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated...

AZL-45048 CVE-2024-4453 affecting package gstreamer1-plugins-base 1.20.0-3

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

CVE-2021-47475

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

CVE-2021-47477

CVE-2021-47477 is documented in connected advisories as a Linux kernel issue affecting comedi: dt9812. The root cause is DMA buffers being allocated on the stack for USB transfers; the fix allocates proper transfer buffers in the command helpers and returns an error on short transfers instead of ...

CVE-2021-47475 comedi: vmk80xx: fix transfer-buffer overflows

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

CVE-2021-47475 comedi: vmk80xx: fix transfer-buffer overflows

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

GStreamer 安全漏洞

GStreamer is a set of frameworks for processing streaming media. A security vulnerability exists in GStreamer that stems from a lack of proper validation of user-supplied data, which could result in an integer overflow before a buffer is allocated...