765 matches found
kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check...
SUSE CVE-2025-39816
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: always use READONCE to read ring provided buffer lengths Since the buffers are mapped from userspace, it is prudent to use READONCE to read the value into a local variable, and use that for any other actions taken...
SUSE CVE-2025-39822
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: fix signedness in thislen calculation When importing and using buffers, buf-len is considered unsigned. However, buf-len is converted to signed int when committing. This can lead to unexpected behavior if the buffer...
UBUNTU-CVE-2023-53320
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mrgetalltgtinfo The function mpi3mrgetalltgtinfo has four issues: 1 It calculates valid entry length in alltgtinfo assuming the header part of the struct mpi3mrdevicemapinfo would equal to sizeofu3...
CVE-2023-53320
CVE-2023-53320 (Linux kernel) relates to scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info(). The patch fixes four issues in mpi3mr_get_all_tgt_info(): (1) valid entry length now uses the correct header size (sizeof(u64) instead of sizeof(u32)); (2) kern_entrylen no longer subtracts one from nu...
CVE-2023-53320 scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mrgetalltgtinfo The function mpi3mrgetalltgtinfo has four issues: 1 It calculates valid entry length in alltgtinfo assuming the header part of the struct mpi3mrdevicemapinfo would equal to sizeofu3...
CVE-2025-39816
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: always use READONCE to read ring provided buffer lengths Since the buffers are mapped from userspace, it is prudent to use READONCE to read the value into a local variable, and use that for any other actions taken...
UBUNTU-CVE-2025-39816
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: always use READONCE to read ring provided buffer lengths Since the buffers are mapped from userspace, it is prudent to use READONCE to read the value into a local variable, and use that for any other actions taken...
CVE-2025-39822 io_uring/kbuf: fix signedness in this_len calculation
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: fix signedness in thislen calculation When importing and using buffers, buf-len is considered unsigned. However, buf-len is converted to signed int when committing. This can lead to unexpected behavior if the buffer...
CVE-2025-39822 io_uring/kbuf: fix signedness in this_len calculation
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: fix signedness in thislen calculation When importing and using buffers, buf-len is considered unsigned. However, buf-len is converted to signed int when committing. This can lead to unexpected behavior if the buffer...
CVE-2025-39816 io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: always use READONCE to read ring provided buffer lengths Since the buffers are mapped from userspace, it is prudent to use READONCE to read the value into a local variable, and use that for any other actions taken...
CVE-2025-39816 io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: always use READONCE to read ring provided buffer lengths Since the buffers are mapped from userspace, it is prudent to use READONCE to read the value into a local variable, and use that for any other actions taken...
PT-2025-37961
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue in the io uring/kbuf subsystem where buffer lengths are not consistently read. This is due to the use of potentially unstable reads of user-space...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to read the ring buffer length using READONCE, which could lead to data inconsistency...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a sign problem in buffer length calculations that could lead to unexpected behavior...
DEBIAN-CVE-2023-53220
In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007i2cxfer In az6007i2cxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach az6007i2cxfer. If...
CVE-2022-50253
In the Linux kernel, the following vulnerability has been resolved: bpf: make sure skb-len != 0 when redirecting to a tunneling device syzkaller managed to trigger another case where skb-len == 0 when we enter devqueuexmit: WARNING: CPU: 0 PID: 2470 at include/linux/skbuff.h:2576 skbassertlen...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check buffer lengths and incorrect use of the snprintf function, which could result in a buffer...
CVE-2025-39713 media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in raininterrupt In the interrupt handler raininterrupt, the buffer full check on rain-buflen is performed before acquiring rain-buflock. This creates a Time-of-Check to Time-of-Us...
Security update for opensc
This update for opensc fixes the following issues: CVE-2023-5992: Side-channel leaks while stripping encryption PKCS1 padding bsc1219386. CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key bsc1230364. CVE-2024-45620: Incorrect handling of the length of buffers or files in...