EUVD-2022-54881

Malicious code in bioql PyPI...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: rtla/osnoise: Prevent NULL dereferencing in error handling. If the allocation of "tool-data" fails, there is no need to call osnoisefreetop. In fact, doing so will lead to a NULL dereferencing...

kernel: cpufreq: amd-pstate: fix memory leak on CPU EPP exit

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc in amdpstateeppcpuinit is not freed in the analogous exit function, so fix that. rjw: Subject and changelog edits...

kernel: Bluetooth: btrtl: fix out of bounds memory access

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtekdata'. If btrtl driver is used with btusb, then memory for private hci data is...

UBUNTU-CVE-2024-45002

In the Linux kernel, the following vulnerability has been resolved: rtla/osnoise: Prevent NULL dereference in error handling If the "tool-data" allocation fails then there is no need to call osnoisefreetop and, in fact, doing so will lead to a NULL dereference...

UBUNTU-CVE-2024-40997

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc in amdpstateeppcpuinit is not freed in the analogous exit function, so fix that. rjw: Subject and changelog edits...

SUSE CVE-2023-52763

In the Linux kernel, the following vulnerability has been resolved: i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DATdata. The i3cmasterbusinit function may attach the I2C devices before the I3C bus initialization. In this flow, the DAT allocentry will be used before the DAT init...

SUSE CVE-2023-52858

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtkallocclkdata Add the check for the return value of mtkallocclkdata in order to avoid NULL pointer dereference...

DEBIAN-CVE-2023-52876

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629-eth: Add check for mtkallocclkdata Add the check for the return value of mtkallocclkdata in order to avoid NULL pointer dereference...

CVE-2023-52664

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aqringfree could be called multiple times on same ring, if system is under stress and got memory allocation...

CVE-2023-52664

The CVE-2023-52664 issue affects the Linux kernel net: Atlantic driver, where a logic error in ring data allocation/free can lead to a double-free scenario in error handling if memory allocation fails. The root cause is using the ring pointer as a failure indicator, while only ring data is alloca...

DEBIAN-CVE-2024-26890

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtekdata'. If btrtl driver is used with btusb, then memory for private hci data is...

CVE-2021-47004

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in getvictim In CP disabling mode, there are two issues when using LFS or SSR | ATSSR mode to select victim: 1. LFS is set to find source section during GC, the victim should have no...

kernel: regulator: core: Use different devices for resource allocation and DT lookup

In the Linux kernel, the following vulnerability has been resolved: regulator: core: Use different devices for resource allocation and DT lookup Following by the below discussion, there's the potential UAF issue between regulator and mfd...

Siemens RUGGEDCOM ROS integer overflow vulnerability

Siemens RuggedCom ROS is an operating system used in the RuggedCom family of switches from Siemens Germany. Siemens RUGGEDCOM ROS is vulnerable to an integer overflow vulnerability that could be exploited by an attacker to request large amounts of data, resulting in the allocation of smaller data...

CVE-2018-1108

A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated...

libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer

libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer / libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. The issue occurs because JBIGDecode entirely ignores the size of the buffer that is passed to it: static int JBIGDecodeTI...

CVE-2018-1108

kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated...

CVE-2018-1108

kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated...

ALPINE-CVE-2017-14151

An off-by-one error was discovered in opjtcdcodeblockencallocatedata in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service heap-based buffer overflow affecting opjmqcflush in lib/openjp2/mqc.c and opjt1encodecblk in...