281 matches found
SUSE CVE-2019-1010315
WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed...
SUSE CVE-2021-37676
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...
GSD-2023-1001922 device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()
device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit...
GSD-2023-1000881 net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...
GSD-2022-1008223 ftrace: Fix null pointer dereference in ftrace_add_mod()
ftrace: Fix null pointer dereference in ftrace_add_mod() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.267 by commit...
GSD-2022-1007717 tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by...
GHSA-PF36-R9C6-H97J Invalid char to bool conversion when printing a tensor
Impact: When printing a tensor, we get its data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. Patches: We have patched the issu...
GHSA-MV77-9G28-CWG3 `CHECK` fail via inputs in `PyFunc`
Impact: An input token that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`.
```python
import tensorflow as tf

value = tf.constant(value=[1, 2])
token = b'\xb0'
dataType = [tf.int32]

tf.raw_ops.PyFunc(input=value, token=token, Tout=dataType)
```
Patches: We have patched the issue in GitHub...
AZL-11526 CVE-2022-41886 affecting package tensorflow for versions less than 2.11.0-1
TensorFlow is an open source platform for machine learning. When tf.raw_ops.ImageProjectiveTransformV2 is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also...
CVE-2022-41911 Invalid char to bool conversion when printing a tensor in Tensorflow
TensorFlow is an open source platform for machine learning. When printing a tensor, we get its data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so...
GSD-2022-1006804 tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1005249 intel_th: Fix a resource leak in an error handling path
intel_th: Fix a resource leak in an error handling path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...
GSD-2022-1005112 igb: Add lock to avoid data race
igb: Add lock to avoid data race This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit 64c0c233a88591bb23569ae12eed7f74e5bd39ce, it...
CVE-2022-36013
TensorFlow is an open source platform for machine learning. When mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0...
UBUNTU-CVE-2022-36186
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full() at filter_core/filter_pid.c:5250, which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1...
GSD-2022-1004493 usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.49 by commit...
GSD-2022-1004351 tcp: Fix data-races around sysctl_tcp_min_snd_mss.
tcp: Fix data-races around sysctl_tcp_min_snd_mss. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.58 by commit...
GSD-2022-1003097 irqchip/gic-v3: Fix priority mask handling
irqchip/gic-v3: Fix priority mask handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...
GSD-2022-1002929 net/mlx5: E-Switch, pair only capable devices
net/mlx5: E-Switch, pair only capable devices This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.15 by commit...
CVE-2022-29339
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2...