124 matches found
CVE-2025-39713
In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in raininterrupt In the interrupt handler raininterrupt, the buffer full check on rain-buflen is performed before acquiring rain-buflock. This creates a Time-of-Check to Time-of-Us...
UBUNTU-CVE-2025-39713
In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in raininterrupt In the interrupt handler raininterrupt, the buffer full check on rain-buflen is performed before acquiring rain-buflock. This creates a Time-of-Check to Time-of-Us...
CVE-2025-39713
The CVE-2025-39713 entry concerns the Linux kernel media: rainshadow-cec driver, where rain_interrupt() performed a buffer-full check on rain->buf_len before acquiring rain->buf_lock. This TOCTOU race could allow concurrent interrupts to overflow the buffer (DATA_SIZE) by writing beyond cap...
In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
...
Linux Distros Unpatched Vulnerability : CVE-2020-36766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged...
MAL-2025-10881 Malicious code in @zalastax/nolb-cec (npm)
The package @zalastax/nolb-cec was found to contain malicious code...
USN-7540-1 linux-raspi-5.4 vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7540-1: Linux kernel (Raspberry Pi) vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7539-1 linux-raspi vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
Ubuntu 20.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-7539-1)
"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7539-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...
Ubuntu 18.04 LTS : Linux kernel (IBM) vulnerabilities (USN-7463-1)
"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7463-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...
USN-7463-1 linux-ibm-5.4 vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
kernel: use-after-free in cec_queue_msg_fh
A vulnerability was found in the Linux kernel. A use-after-free exists in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...
USN-7401-1 linux-aws-5.4 vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7392-4 linux-aws-fips vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7392-3: Linux kernel (AWS) vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7392-3 linux-aws vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-7391-1)
"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7391-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...
USN-7392-2 linux-azure-fips, linux-gcp-fips vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7393-1 linux-fips vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...