kernel: drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback

A function prototype mismatch was found in the AMD GPU driver's DPM table callbacks. When kCFI Control Flow Integrity is enabled, the mismatched types cause CFI validation failures, potentially crashing the kernel...

kernel: perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init()

A resource leak flaw was found in the ARM DMC-620 PMU driver. If platformdriverregister fails during module initialization, the CPU hotplug callback registered earlier is not removed, leaving a dangling callback...

kernel: Rate limit overflow messages in r8152 in intr_callback

A vulnerability was found in intrcallback in drivers/net/usb/r8152.c in the BPF component in the Linux Kernel. The manipulation leads to logging excessive data, where an attack can be launched remotely...

CVE-2023-33055

Memory Corruption in Audio while invoking callback function in driver from ADSP...

Memory corruption

Memory Corruption in Audio while invoking callback function in driver from ADSP...

CVE-2023-33055

CVE-2023-33055 corresponds to memory corruption in Qualcomm audio when a callback in the driver is invoked from the ADSP. The record shows a local attack vector with low privileges and no user interaction, and a high impact on confidentiality, integrity, and availability (CVSS v3.1: AV=L/AC=L/PR=...

CVE-2023-33055 Buffer Copy Without Checking Size of Input in Audio

Memory Corruption in Audio while invoking callback function in driver from ADSP...

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from audio memory corruption when calling callback functions in the driver from ADSP...

PT-2023-24162 · Qualcomm · Snapdragon +133

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue involves memory corruption in the audio component when a callback function in the driver is invoked from the ADSP. Recommendations: At the moment, there is no information...

Rocky Linux 8 : nghttp2 (RLSA-2020:2755)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2755 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious...

OESA-2023-1782 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open, aka a race...

PT-2024-14688

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer error in the debugfs of the Linux kernel's drm/amd/display component has been resolved. The issue was caused by not checking if the get subvp en callback exists before...

CVE-2023-46518

Mercury A15 V1.0 202308181.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB...

OESA-2023-1759 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnlosfaddcallback function did not validate the user mode controlled optnum field. This flaw allows a local privileged CAPNETADMIN attacker to trigger an...

CVE-2023-41893 Account takeover via auth_callback login in Home Assistant Core

Home assistant is an open source home automation. The audit team’s analyses confirmed that the redirecturi and clientid are alterable when logging in. Consequently, the code parameter utilized to fetch the accesstoken post-authentication will be sent to the URL specified in the aforementioned...

Home Assistant Information Disclosure Vulnerability

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. An information disclosure vulnerability exists in Home Assistant versions prior to 2023.9.0, which stems from a vulnerability that allows an attacker to log in and...

github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset

Impact Rapidly creating and cancelling streams HEADERS frame immediately followed by RSTSTREAM without bound cause denial of service. See https://vulners.com/cve/CVE-2023-44487 for details. Patches nghttp2 v1.57.0 mitigates this vulnerability by default. Workarounds If upgrading to nghttp2 v1.57....

AZL-31267 CVE-2023-39189 affecting package kernel for versions less than 5.15.135.1-2

A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnlosfaddcallback function did not validate the user mode controlled optnum field. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read, leading to a crash or information disclosure...

Linux kernel buffer error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the nfnlosfaddcallback function failing to validate the optnum field of the user mode control. An attacker...

Amazon Linux 2 : firefox (ALASFIREFOX-2023-014)

The version of firefox installed on the remote host is prior to 102.15.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-014 advisory. Memory corruption in IPC CanvasTranslator CVE-2023-4573 Memory corruption in IPC ColorPickerShownCallback...