7640 matches found
UBUNTU-CVE-2024-46859
In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses. The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough...
CVE-2024-46859 platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses. The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough...
CVE-2024-46859
CVE-2024-46859 is a Linux kernel vulnerability affecting the panasonic-laptop code. The issue arises from unvalidated SINF array indices (0–SINF_CUR_BRIGHT, 0x0d), risking out-of-bounds accesses on devices with fewer SINF entries (e.g., CF-18 has ~10). The fix adds a minimum SINF array size check...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2022-23218]
Summary: Red Hat-provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE, CVE-2022-23218. Vulnerability Details: CVEID: CVE-2022-23218. DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based buffer overflow, caused by...
UNISOC Chipsets security vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets, which stems from a lack of boundary checking in the drm service, which could result in out-of-bounds writes...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from the presence of a boundary-checking error...
CVE-2024-43108
CVE-2024-43108 affects the goTenna Pro ATAK Plugin. The vulnerability is due to AES-CTR encryption for short messages without any integrity checking, making messages malleable to an attacker who can access the message. Affected versions include 1.9.12 and earlier; mitigation guidance recommends u...
CVE-2024-47123
CVE-2024-47123 is tied to the goTenna Pro family where AES-CTR is used for short encrypted messages without an integrity check. The root cause is lack of message integrity protection, which makes ciphertext malleable and could compromise confidentiality/integrity of communications on affected dev...
PT-2024-7240 · D Link · D-Link Dir-605L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA. Description: A critical issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to a buffer overflow. It is possible to launch the...
Security Bulletin: Vulnerability in Apache Solr affects IBM watsonx.data
Summary: Apache Solr could allow a remote attacker to bypass security restrictions, caused by improper access control by the Configsets API. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. This vulnerability can be exploited when...
kernel: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes
A flaw was found in the Linux kernel. An lpage_info overflow can occur when checking attributes. This may lead to a crash...
kernel: xfs: add bounds checking to xlog_recover_process_data
A vulnerability has been identified within the Linux kernel's xlog_recover_process_data function. Specifically, the function lacks proper bounds checking on the space allocated for the fixed members of the xlog_op_header structure during log record processing. This omission can lead to an out-of-bound...
kernel: net: asix: add proper error handling of usb read errors
In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors. Syzbot once again hit uninit value in asix driver. The problem still the same -- asix_read_cmd reads less bytes, than was requested by caller. Since all read requests are...
kernel: drm/radeon: fix UBSAN warning in kv_dpm.c
A vulnerability was found in the Linux kernel's DRM/Radeon driver, specifically in the sumo_vid_mapping_entry within the kv_dpm.c file. Insufficient bounds checking can lead to memory corruption...
The vulnerability of the Yokogawa Dual-redundant Platform for Computer (PC2CKM) lies in the improper checking of the return value of a method or function, allowing an attacker to trigger a service failure.
The vulnerability of the Yokogawa Dual-redundant Platform for Computer PC2CKM is related to improper checking of the return value of a method or function. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure by sending broadcast UDP packets...
The vulnerability of the put_qpel_fallback() function in the h.265 Libde265 implementation allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the put_qpel_fallback function in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
ROS-20240918-10
The Jenkins Automation Server vulnerability is related to a lack of permission checking at an HTTP endpoint. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information. The Jenkins Automation Server Remoting library vulnerability is...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to perform proper null checking on incoming parameters...