2053 matches found
UBUNTU-CVE-2023-31974
DISPUTED yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...
kernel: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfptunneladdsharedmac idasimpleget returns an id between min 0 and max NFPMAXMACINDEX inclusive. So NFPMAXMACINDEX 0xff is a valid id. In order for the error handling path to work correctly, t...
kernel: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
A flaw was found in the Linux kernel's ASoC da7219 audio codec driver. An error handling path in da7219registerdaiclks incorrectly attempts to unregister a clock that was never successfully registered. This could lead to incorrect resource cleanup during driver probe failure, potentially causing...
kernel: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
A flaw was found in the qedr module in the Linux kernel. A missing release of allocated memory when an error occurs will cause a memory leak, potentially impacting system performance and resulting in a denial of service...
kernel: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path
In the Linux kernel, the following vulnerability has been resolved: can: etases58x: es58xrxerrmsg: fix memory leak in error path In es58xrxerrmsg, if can-dosetmode fails, the function directly returns without calling netifrxskb. This means that the skb previously allocated by alloccanerrskb is no...
kernel: PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
In the Linux kernel, the following vulnerability has been resolved: PCI: microchip: Fix refcount leak in mcpcieinitirqdomains ofgetnextchild returns a node pointer with refcount incremented, so we should use ofnodeput on it when we don't need it anymore. mcpcieinitirqdomains only calls ofnodeput ...
kernel: firmware: sysfb: fix platform-device leak in error path
In the Linux kernel, the following vulnerability has been resolved: firmware: sysfb: fix platform-device leak in error path Make sure to free the platform device also in the unlikely event that registration fails...
SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2023:0778-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0778-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. - CVE-2022-36280: Fixed out-of-bounds...
GSD-2023-1002411 net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
net/usb: kalmia: Don't pass actlen in usbbulkmsg error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.273 by commit...
GSD-2023-1002346 net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
net/usb: kalmia: Don't pass actlen in usbbulkmsg error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.95 by commit...
GSD-2023-1002305 net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
net/usb: kalmia: Don't pass actlen in usbbulkmsg error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.13 by commit...
PT-2023-35381 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.13 Description: The issue is related to the usb bulk msg function in the Linux Kernel's USB subsystem. It involves passing act len in the error path, which may have potential security implications. The actu...
CVE-2023-22995
In the Linux kernel before 5.17, an error path in dwc3qcomacpiregistercore in drivers/usb/dwc3/dwc3-qcom.c lacks certain platformdeviceput and kfree calls...
CVE-2023-22995
In the Linux kernel before 5.17, an error path in dwc3qcomacpiregistercore in drivers/usb/dwc3/dwc3-qcom.c lacks certain platformdeviceput and kfree calls...
SUSE CVE-2008-3914
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in 1 libclamav/others.c and 2 libclamav/sis.c...
SUSE CVE-2012-4561
The 1 publickeymakedss, 2 publickeymakersa, 3 signaturefromstring, 4 sshdosign, and 5 sshsignsessionid functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service crash via unspecified vectors...
SUSE CVE-2016-9534
tifwrite.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1 that didn't reset the tifrawcc and tifrawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."...
SUSE CVE-2020-11743
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOPmapgrant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to retur...
SUSE CVE-2022-26354
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0...
SUSE CVE-2022-42309
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be...