SUSE CVE-2023-53146

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102i2ctransfer In dw2102i2ctransfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach...

kernel: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9khtc: Use skbsetlength for resetting urb before resubmit Syzbot points out that skbtrim has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly ju...

SUSE CVE-2025-37810

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check...

CVE-2024-49829

Memory corruption can occur during context user dumps due to inadequate checks on buffer length...

UBUNTU-CVE-2025-37810

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check...

CVE-2025-37810 usb: dwc3: gadget: check that event count does not exceed event buffer length

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check...

GHSA-WHXR-3P84-RF3C Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service DoS by depleting process memor...

CVE-2024-49829

Memory corruption can occur during context user dumps due to inadequate checks on buffer length...

CVE-2024-49829

Memory corruption can occur during context user dumps due to inadequate checks on buffer length...

CVE-2024-49829

CVE-2024-49829 describes a memory corruption in Qualcomm chipsets during contextual user dumps caused by inadequate checks on buffer length. Connected sources attribute the issue to the camera subsystem (buffer copy without checking size) with local attacker requirements (local access, low comple...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a lack of buffer length checking during contextual user dumps, which could lead to memory corruption...

PT-2025-19859 · Qualcomm · Snapdragon +10

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Memory corruption can occur during user context dumps due to inadequate checks on buffer length. This issue is related to improper handling of buffer lengths, which can lead to memory...

SUSE CVE-2023-53068

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb-len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory content...

CVE-2023-53133

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcpbpfrecvmsgparser When the buffer length of the recvmsg system call is 0, we got the flollowing soft lockup problem: watchdog: BUG: soft lockup - CPU3 stuck for 27s!...

CVE-2023-53062

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb-len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory conten...

CVE-2023-53133 bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcpbpfrecvmsgparser When the buffer length of the recvmsg system call is 0, we got the flollowing soft lockup problem: watchdog: BUG: soft lockup - CPU3 stuck for 27s!...

CVE-2023-53133 bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcpbpfrecvmsgparser When the buffer length of the recvmsg system call is 0, we got the flollowing soft lockup problem: watchdog: BUG: soft lockup - CPU3 stuck for 27s!...

The vulnerability of the SNMP protocol implementation in Cisco IOS and IOS XE operating systems allows a intruder to trigger a service failure.

The vulnerability of the SNMP protocol implementation in Cisco IOS and IOS XE operating systems is related to access to the buffer with an incorrect length value. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

The vulnerability of the SNMP protocol implementation in Cisco IOS and IOS XE operating systems allows a intruder to trigger a service failure.

The vulnerability of the SNMP protocol implementation in Cisco IOS and IOS XE operating systems is related to access to the buffer with an incorrect length value. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB The Linux kernel CVE team has assigned CVE-2024-35938 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35938-0100@gregkh/T...