Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-49995: tipc: guard against string buffer overrun bsc1232432. CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus bsc1233479. CVE-2024-53063:...

SUSE-SU-2024:4397-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-49995: tipc: guard against string buffer overrun bsc1232432. - CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus bsc1233479. - CVE-2024-5306...

The vulnerability of the gst_ssa_parse_remove_override_codes function in the Gstreamer multimedia framework allows a violator to trigger a service failure.

The vulnerability of the gstssaparseremoveoverridecodes function in the Gstreamer multimedia framework is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

BIT-NODE-MIN-2022-3602 X.509 Email Address 4-byte Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

BIT-NODE-MIN-2022-3786 X.509 Email Address Variable Length Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

CVE-2024-53142

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

The vulnerability of the Wireless Wide Area Network Service (WwanSvc) in Microsoft Windows operating systems allows a hacker to increase their privileges.

The vulnerability of the Wireless Wide Area Network Service WwanSvc in Microsoft Windows operating systems is related to operations that go beyond the buffer limits in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of Intel NUC Software Studio Service’s software for the Windows operating system, related to writing beyond the buffer boundaries, allows attackers to exploit their privileges.

The vulnerability of Intel NUC Software Studio Service for the Windows operating system is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the UMTS RLC microprogramming software driver for Unisoc chips, related to buffer overflow attacks, allows attackers to cause service failures.

The vulnerability of the UMTS RLC microprogramming software driver for Unisoc chips is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failure...

The vulnerability of the Wireless Wide Area Network Service (WwanSvc) in Microsoft Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Wireless Wide Area Network Service WwanSvc in Microsoft Windows operating systems is related to operations that go beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of the Adobe Media Encoder application, related to the execution of operations beyond buffer boundaries in memory, allows a perpetrator to execute arbitrary code.

The vulnerability of the Adobe Media Encoder application relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

The vulnerability of the Windows Mobile Broadband Driver for Microsoft Windows operating systems allows attackers to gain increased privileges.

The vulnerability of the Windows Mobile Broadband Driver for Microsoft Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...

php: 1-byte array overrun in common path resolve code

A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which...

The vulnerability of the USER command processor in TP-Link VN020 F3v(T) wireless routers allows a hacker to cause a service failure.

The vulnerability of the USER command handler in TP-Link VN020 F3vT Wi-Fi routers lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to cause service failures remotely...

CVE-2024-54091

A vulnerability has been identified in Solid Edge SE2024 All versions V224.0 Update 12, Solid Edge SE2025 All versions V225.0 Update 3. The affected application contains an out of bounds write past the end of an allocated buffer while parsing XT data or a specially crafted file in XT format. This...

The vulnerability of the Multimedia Memory Management Unit (M4U) in MediaTek’s microprogramming chip-based devices allows attackers to exploit their privileges.

The vulnerability of the Multimedia Memory Management Unit M4U in MediaTek’s microprogramming software is related to the occurrence of operations that go beyond the buffer in memory due to a data type mixing error. Exploiting this vulnerability can allow attackers to gain increased privileges...

SUSE CVE-2024-53142

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

CVE-2024-53142

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

AZL-54087 CVE-2024-53142 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

AZL-54094 CVE-2024-53142 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...