Lucene search
K

1390 matches found

OSV
OSV
added 2024/12/24 12:15 p.m.5 views

AZL-54936 CVE-2024-53156 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...

7.8CVSS6.3AI score0.00232EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/11/14 6:9 p.m.9 views

zlib-rs stack overflow during decompression with malicious input

A denial of service vulnerability was found in zlib-rs, triggered by specially constructed input. This input causes a stack overflow, resulting in the process using zlib-rs to crash. Impact Due to the way LLVM handles the zlib-rs codebase, tail calls were not guaranteed. This caused certain input...

7.6AI score
Exploits0References3Affected Software3
CVE
CVE
added 2024/11/05 5:7 p.m.104 views

CVE-2024-50100

CVE-2024-50100 affects the Linux kernel USB gadget dummy-hcd driver. A change to use hrtimers introduced a mismatch between timer_pending() and hrtimer_active(), causing the URB dequeue path to miss a restarted timer and leading to usb_kill_urb() hangs. The fix adds a dedicated timer_pending flag...

5.5CVSS5.3AI score0.00233EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.2 views

PT-2024-40616 · Git +1 · H3

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow WRITE 8 crash has been reported. The crash occurs in the polygonToCellsExperimental function, as indicated by the fuzzer...

7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.3 views

PT-2024-40601 · Git +1 · H3

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow WRITE 8 crash has been reported. The crash occurs in the polygonToCellsExperimental function, as indicated by the fuzzer report fr...

7AI score
Exploits0References2
GoogleProjectZero
GoogleProjectZero
added 2024/10/03 12:0 a.m.23 views

Effective Fuzzing: A Dav1d Case Study

Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, an...

8.8CVSS8.1AI score0.01835EPSS
Exploits0
OSV
OSV
added 2024/10/01 12:0 a.m.9 views

PUB-A-299775134

In smsExtractCbLanguage of smsCellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS7.2AI score0.00207EPSS
Exploits0References1
Talos Blog
Talos Blog
added 2024/08/28 4:0 p.m.40 views

Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. The first post highlighted code modifications necessary for developing a fuzzing harness tailored for the µC/HTTP-server. The second discussed a techniqu...

8AI score
Exploits0
CVE
CVE
added 2024/08/21 6:9 a.m.68 views

CVE-2022-48869

CVE-2022-48869 concerns the Linux kernel gadgetfs USB driver. The issue arises from a race between gadgetfs_fill_super() (mount path) and gadgetfs_kill_sb() (unmount path), where the_device could be deallocated while gadgetfs_fill_super() still uses it, resulting in a use-after-free. The provided...

4.7CVSS6.5AI score0.00232EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/08/21 6:9 a.m.25 views

CVE-2022-48869 USB: gadgetfs: Fix race between mounting and unmounting

In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in the gadgetfs driver, involving processes concurrently mounting and unmounting the gadgetfs filesyste...

0.00232EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.4 views

PT-2024-40825 · Git +1 · Kimageformats

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow write error. Technical details include a crash type of Heap-buffer-overflow WRITE 1. The crash state...

6.9AI score
Exploits0References2
OSV
OSV
added 2024/07/16 1:15 p.m.8 views

UBUNTU-CVE-2022-48834

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0 WARNING: CPU: 0 PID: 3813 at...

7.8CVSS5.8AI score0.0026EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/07/16 12:25 p.m.27 views

CVE-2022-48838 usb: gadget: Fix use-after-free bug by not setting udc->dev.driver

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc-dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in devuevent+0x712/0x780 drivers/base/core.c:2320 Read of size 8 at addr ffff88802b934098 ...

0.00233EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/07/16 12:25 p.m.39 views

CVE-2022-48834 usb: usbtmc: Fix bug in pipe direction for control transfers

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0 WARNING: CPU: 0 PID: 3813 at...

0.0026EPSS
Exploits0References5
CVE
CVE
added 2024/07/16 12:25 p.m.86 views

CVE-2022-48834

CVE-2022-48834 refers to a Linux kernel issue in the usb: usbtmc driver where usbtmc_ioctl_request incorrectly used usb_rcvctrlpipe() for all transfers (in or out). The fix separates control transfers by direction. The vulnerability impact described is a local issue tied to incorrect control pipe...

7.8CVSS7.8AI score0.0026EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/13 12:0 a.m.3 views

PT-2024-40807 · Git +1 · Openssl

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a null-dereference read crash. Technical details include a crash type of null-dereference READ and a crash state involving do evp...

6.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/12 12:37 p.m.13 views

CVE-2024-40996 bpf: Avoid splat in pskb_pull_reason

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskbpullreason syzkaller builds CONFIGDEBUGNET=y frequently trigger a debug hint in pskbmaypull. We'd like to retain this debug check because it might hint at integer overflows and other issues kernel code...

6.9AI score0.00279EPSS
Exploits0References4
OSV
OSV
added 2024/07/05 7:15 a.m.6 views

AZL-43267 CVE-2024-39472 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy hsize fixup Commit a70f9fe52daa "xfs: detect and handle invalid iclog size set by mkfs" added a fixup for incorrect hsize values used for the initial umount record in old...

5.5CVSS6.5AI score0.00229EPSS
Exploits0References1
OSV
OSV
added 2024/07/01 11:10 a.m.20 views

BIT-BPFTOOL-2021-45940

libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow 4 bytes in bpfobjectopen called from bpfobjectopenmem and bpf-object-fuzzer.c...

6.5CVSS6.7AI score0.01132EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2024/06/20 2:1 p.m.23 views

CVE-2024-38618

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...

4.4CVSS6.9AI score0.00642EPSS
Exploits0References4
Rows per page
Query Builder