CVE-2022-49523

CVE-2022-49523 affects the Linux kernel component ath11k, specifically the spectral scan path during spectral_deinit. The issue arises when ath11k modules are removed (rmmod) with spectral scan enabled, which can trigger a crash (kernel NULL pointer dereference) as shown by the provided call trac...

CVE-2022-49523 ath11k: disable spectral scan during spectral deinit

In the Linux kernel, the following vulnerability has been resolved: ath11k: disable spectral scan during spectral deinit When ath11k modules are removed using rmmod with spectral scan enabled, crash is observed. Different crash trace is observed for each crash. Send spectral scan disable WMI...

CVE-2022-49231 rtw88: fix memory overrun and memory leak during hw_scan

In the Linux kernel, the following vulnerability has been resolved: rtw88: fix memory overrun and memory leak during hwscan Previously we allocated less memory than actual required, overwrite to the buffer causes the mm module to complaint and raise access violation faults. Along with potential...

CVE-2022-49231

In the Linux kernel, the following vulnerability has been resolved: rtw88: fix memory overrun and memory leak during hwscan Previously we allocated less memory than actual required, overwrite to the buffer causes the mm module to complaint and raise access violation faults. Along with potential...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not checking if core-ops is NULL in hficoredeinit, which could lead to a null pointer dereference...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a repeat call to aqnicdeinit on recovery, which could lead to a hang issue...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not disabling spectral scan during spectraldeinit, which could lead to a crash...

UBUNTU-CVE-2024-36030

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: fix the double free in rvunpcfreemem Clang static checkerscan-build warning： drivers/net/ethernet/marvell/octeontx2/af/rvunpc.c:line 2184, column 2 Attempt to free released memory. npcmcamrsrcsdeinit has released...

CVE-2024-35921 media: mediatek: vcodec: Fix oops when HEVC init fails

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed i...

SUSE CVE-2023-45680

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, the f-commentlist is set to NULL, but f-commentlistlength is not reset. Later in vorbisdeinit it tries to...

SUSE CVE-2023-45679

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...

DEBIAN-CVE-2023-45680

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, the f-commentlist is set to NULL, but f-commentlistlength is not reset. Later in vorbisdeinit it tries to...

PT-2023-29647 · Unknown +1 · Stb Vorbis +1

Name of the Vulnerable Software and Affected Versions: stb vorbis affected versions not specified Description: The issue is related to a memory allocation failure in the start decoder function when processing a crafted ogg vorbis file. This failure causes the function to return early, setting...

GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit`

...

SUSE CVE-2023-29007

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can used to exploit a bug in...

ALPINE-CVE-2023-29007

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can used to exploit a bug in...

CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit`

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can used to exploit a bug in...

GSD-2022-1003614 ath11k: disable spectral scan during spectral deinit

ath11k: disable spectral scan during spectral deinit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...

GSD-2022-1002828 media: venus: hfi: avoid null dereference in deinit

media: venus: hfi: avoid null dereference in deinit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing and then an invalid second handshake occurs. The crash happens in the application's error handling path where the gnutls_deinit function is called after detecting a handshake failure.

...