765 matches found
SUSE CVE-2025-40301
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: validate skb length for unknown CC opcode In hcicmdcompleteevt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb-data contains the return status. However,...
CVE-2025-40301
No description is available for this CVE. Mitigation To mitigate this issue, disable the Bluetooth kernel module if Bluetooth functionality is not required. This can be achieved by blacklisting the bluetooth module. Create a file named /etc/modprobe.d/disable-bluetooth.conf with the following...
EUVD-2025-201644
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: validate skb length for unknown CC opcode In hcicmdcompleteevt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb-data contains the return status. However,...
UBUNTU-CVE-2025-40292
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 "virtio-net: use mtu size as buffer length for big packets", when guest gso is off, the allocated size for big packets is not MAXSKBFRAGS PAGESIZE...
CVE-2025-40301
CVE-2025-40301 affects the Linux kernel Bluetooth subsystem, specifically the HCI event handling path. The issue arises in hci_cmd_complete_evt() when an event has an unknown opcode: the code previously assumed skb->data[0] holds the return status, but parameter data may have already been pull...
CVE-2025-40292
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 "virtio-net: use mtu size as buffer length for big packets", when guest gso is off, the allocated size for big packets is not MAXSKBFRAGS PAGESIZE...
PT-2025-49433
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Bluetooth implementation within the hci cmd complete evt function. Specifically, the code does not validate the length of the socket buffer skb before...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unverified skb length that could lead to the use of uninitialized memory...
BIT-ACTIVEMQ-2025-27533 Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service DoS by depleting process memor...
ESP-IDF 缓冲区错误漏洞
ESP-IDF is an Espressif open source development framework for Espressif SoCs supported on Windows, Linux and macOS. A buffer error vulnerability exists in ESP-IDF versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and prior versions, which stems from insufficient validation of the buffer length when AVR...
kernel: net: usb: smsc75xx: Limit packet length to skb->len
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb-len Packet length retrieved from skb data may be larger than the actual socket buffer length up to 9026 bytes. In such case the cloned skb passed up the network stack will leak kerne...
net: usb: lan78xx: Limit packet length to skb->len
...
Siemens SIMATIC S7-1500 Incorrect Calculation of Buffer Size (CVE-2024-45490)
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
UBUNTU-CVE-2025-40043
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data Syzbot reported an uninitialized value bug in nciinitreq, which was introduced by commit 5aca7966d2a7 "Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16' of...
Siemens SIMATIC Devices Integer Overflow or Wraparound (CVE-2024-58017)
printk: Fix signed integer overflow when defining LOGBUFLENMAX This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503397; scriptversion"1.2";...
EUVD-2023-60030
In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xpalloctxdescs fails, and it can only fail due to not having enough memory,...
kernel: net: usb: smsc75xx: Limit packet length to skb->len
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb-len Packet length retrieved from skb data may be larger than the actual socket buffer length up to 9026 bytes. In such case the cloned skb passed up the network stack will leak kerne...
kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check...
kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check...
kernel: net: usb: smsc75xx: Limit packet length to skb->len
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb-len Packet length retrieved from skb data may be larger than the actual socket buffer length up to 9026 bytes. In such case the cloned skb passed up the network stack will leak kerne...