57 matches found
CVE-2023-1178
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a...
CVE-2022-49916 rose: Fix NULL pointer dereference in rose_send_frame()
In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rosesendframe The syzkaller reported an issue: KASAN: null-ptr-deref in range 0x0000000000000380-0x0000000000000387 CPU: 0 PID: 4069 Comm: kworker/0:15 Not tainted...
CVE-2022-49635
In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines holeend can be small enough to cause subtraction overflow. On the other side addr + 2 minalignment can overflow in case of mock tests. This patch should handle bot...
CVE-2024-47602
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. This function does not properly check the validity of the stream-codecpriv pointer in th...
DEBIAN-CVE-2022-48642
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix percpu memory leak at nftablesaddchain It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a "netfilter: nftables: map basechain priority to hardware priority" wh...
UBUNTU-CVE-2023-1178
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a...
GitLab 代码注入漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the fact that file...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read if the parameter indices for DynamicStitch does not match the shape of the parameter data. PoC import tensorflow as tf func = tf.rawops.DynamicStitch para='indices': 0xdeadbeef, 405, 519, 758, 1015, 'data':...
GSD-2023-1002166 drm/amd/display: Calculate output_color_space after pixel encoding adjustment
drm/amd/display: Calculate outputcolorspace after pixel encoding adjustment This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.165 by commit...
GSD-2023-1001878 block: ublk: extending queue_size to fix overflow
block: ublk: extending queuesize to fix overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...
GSD-2023-1000523 scsi: elx: libefc: Fix second parameter type in state callbacks
scsi: elx: libefc: Fix second parameter type in state callbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
GSD-2022-1008182 capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
capabilities: fix potential memleak on error path from vfsgetxattralloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.224 by commit...
GSD-2022-1007703 perf: Improve missing SIGTRAP checking
perf: Improve missing SIGTRAP checking This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit b09221f1b4944d2866d06ac35e59d7a6f8916c9...
GSD-2022-1006645 drm/msm/a6xx: Replace kcalloc() with kvzalloc()
drm/msm/a6xx: Replace kcalloc with kvzalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
GSD-2022-1004475 bpf: Fix request_sock leak in sk lookup helpers
bpf: Fix requestsock leak in sk lookup helpers This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.51 by commit...
GSD-2022-1003654 bpf: Fix excessive memory allocation in stack_map_alloc()
bpf: Fix excessive memory allocation in stackmapalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...
GSD-2022-1003466 nbd: fix io hung while disconnecting device
nbd: fix io hung while disconnecting device This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.122 by commit...
GSD-2022-1002457 llc: only change llc->dev when bind() succeeds
llc: only change llc-dev when bind succeeds This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.274 by commit...
GSD-2022-1002310 virtio_console: eliminate anonymous module_init & module_exit
virtioconsole: eliminate anonymous moduleinit & moduleexit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.238 by commit...
GSD-2022-1001461 media: atomisp: fix dummy_ptr check to avoid duplicate active_bo
media: atomisp: fix dummyptr check to avoid duplicate activebo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...