CVE-2024-47674 mm: avoid leaving partial pfn mappings around in error case

In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw...

CVE-2024-42099

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fix invalid dereferencing of indirect CCW data pointer Fix invalid dereferencing of indirect CCW data pointer in dasdeckddumpsense that leads to a kernel panic in error cases. When using indirect addressing for DASD CC...

CVE-2024-42099 s390/dasd: Fix invalid dereferencing of indirect CCW data pointer

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fix invalid dereferencing of indirect CCW data pointer Fix invalid dereferencing of indirect CCW data pointer in dasdeckddumpsense that leads to a kernel panic in error cases. When using indirect addressing for DASD CC...

CVE-2022-48773

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdmaepcreate If there are failures then we must not leave the non-NULL pointers with the error value, otherwise rpcrdmaepdestroy gets confused and tries free them, resulting in an...

CVE-2021-47316

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svcencodegetaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and dreallyispositivedentry, but that looks like overkill to me--zero status should ...

CVE-2021-47316

CVE-2021-47316 affects the Linux kernel NFSD: a NULL dereference in nfs3svc_encode_getaclres can occur in error paths when the dentry is NULL, prior to the patch 20798dfe249a. The issue is resolved by a fix in the kernel encoder, preventing the NULL dereference in error handling. Affected product...

CVE-2024-1394

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

CVE-2023-40218

An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application...

CVE-2023-40218

An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application...

Null pointer dereference

The OPC autogenerated ANSI C stack stubs in the NodeSets do not handle all error cases. This can lead to a NULL pointer dereference...

CVE-2021-45117

The OPC autogenerated ANSI C stack stubs in the NodeSets do not handle all error cases. This can lead to a NULL pointer dereference...

GSD-2022-1000408 xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create

xprtrdma: fix pointer derefs in error cases of rpcrdmaepcreate This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.102 by commit...

Memory leak in decoding PNG images

Impact When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling png::CommonFreeDecode&decode. However, several error case in the function...

CVE-2019-15900

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum3, sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...

Command injection

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum3, sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...

CVE-2019-15900

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum3, sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...