56 matches found
ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
Summary Null pointer dereference SIGSEGV in Upsample67::adaptupsample67 onnx/versionconverter/adapters/upsample67.h:31 when convertversion processes a model with an Upsample node that has zero inputs. The adapter accesses node-inputs0-sizes without checking input count. 107-byte PoC crashes on...
SUSE CVE-2026-53187
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate cpuid against nrcpuids in DMAH alloc The cpuid attribute supplied by user space through UVERBSATTRALLOCDMAHCPUID is passed directly to cpumasktestcpu without first verifying that the value is within the valid...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: The issue related to null-ptr-deref in bitmapparselist has been fixed. A crash was observed with the following output: BUG: NULL pointer dereferencing in the kernel; address: 0000000000000010 Oops: 0000 1 SMP NOP...
SUSE CVE-2026-31741
In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time the sysfs enable file is written to. If user writes 0 to the sysfs enable file multiple times,...
CVE-2026-43075 ocfs2: fix out-of-bounds write in ocfs2_write_end_inline
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2writeendinline KASAN reports a use-after-free write of 4086 bytes in ocfs2writeendinline, called from ocfs2writeendnolock during a copyfilerange splice fallback on a corrupted ocfs2 filesyst...
CVE-2019-20426
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlmcancelhpreqcheck, there is no lockcount bounds check...
CVE-2023-54240 net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: fix possible NULL pointer dereference in mtkhwlrogetfdirall rulelocs is allocated in ethtoolgetrxnfc and the size is determined by rulecnt from user space. So rulecnt needs to be check before using...
PT-2025-51705
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The atlantic network driver in the Linux kernel is susceptible to a fragment overflow when handling large, multi-descriptor packets in the receive RX path. This occurs because the driver...
CVE-2023-53748
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queuesetup variable nplanes is provided by user via system call argument. The possible value of qdata-fmt-numplanes is 1-3, while the value of nplanes can be...
CVE-2022-50619 drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in kfdmemdmamapuserptr If the number of pages from the userptr BO differs from the SG BO then the allocated memory for the SG table doesn't get freed before returning -EINVAL, which may lead to a memor...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990412)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990412 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for formatcount earlier While the check for formatcount 64 in...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990005)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990005 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbdallocconfig and module removal When nbd module is being removing,...
JLSEC-2025-114 dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_cou...
dwauncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dccount is not strictly checked...
kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check...
EUVD-2021-34646
In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for formatcount earlier While the check for formatcount 64 in drmuniversalplaneinit shouldn't be hit it's a WARNON, in its current position it will then leak the plane-formattypes array and fail to cal...
EUVD-2017-8966
Malware in sbrugna...
EUVD-2023-44813
Malicious code in bioql PyPI...
EUVD-2022-55450
Malicious code in bioql PyPI...
EUVD-2022-54948
Malicious code in bioql PyPI...
EUVD-2023-29659
Malicious code in bioql PyPI...