Potential PirexReward's producerTokens's rewardToken unsynced with PirexGmx rewardToken can miss calculate the actual reward for user

Lines of code Vulnerability details Impact Potential PirexReward's producerTokens's rewardToken unsynced with PirexGmx rewardToken can miss calculate the actual reward for user Proof of Concept PirexReward initialization does not include rewardToken initialization for producerTokens. Meanwhile...

PT-2022-7681

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a use-after-free vulnerability in the Linux kernel, specifically in the amdgpu module. This vulnerability may allow an attacker to impact the confidentiality,...

CVE-2022-30771

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in:...

kernel: RDMA/cm: Fix memory leak in ib_cm_insert_listen

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ibcminsertlisten cmallocidpriv allocates resource for the cmidpriv. When cminitlisten fails it doesn't free it, leading to memory leak. Add the missing error unwind...

kernel: RDMA/hfi1: Prevent use of lock before it is initialized

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent use of lock before it is initialized If there is a failure during probe of hfi1 before the sdmamaplock is initialized, the call to hfi1freedevdata will attempt to use a lock that has not been initialized. If th...

kernel: ath9k_htc: fix uninit value bugs

In the Linux kernel, the following vulnerability has been resolved: ath9khtc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htcconnectservice svcmetalen and pad are not initialized. Based on code it looks like in current sk...

kernel: sock: redo the psock vs ULP protection check

In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 "sock: Introduce sk-skprot-psockupdateskprot" has moved the inetcskhasulpsk check from skpsockinit to the new tcpbpfupdateproto function. I'm guessing that this was...

kernel: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()

A flaw was found in the virtio-gpu module in the Linux kernel. If the initialization fails, for example, due to a fault injection, a missing check in the virtiogpuarrayputfree function can cause a NULL pointer dereference, resulting in a denial of service...

GSD-2022-1007653 clk: tegra20: Fix refcount leak in tegra20_clock_init

clk: tegra20: Fix refcount leak in tegra20clockinit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.331 by commit...

GSD-2022-1007559 iommu/vt-d: Clean up si_domain in the init_dmars() error path

iommu/vt-d: Clean up sidomain in the initdmars error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.298 by commit...

GSD-2022-1007387 Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()

Bluetooth: L2CAP: initialize delayed works at l2capchancreate This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.220 by commit...

GSD-2022-1007140 arm64: mte: move register initialization to C

arm64: mte: move register initialization to C This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.76 by commit...

GSD-2022-1006904 arm64: mte: move register initialization to C

arm64: mte: move register initialization to C This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...

PT-2022-35469 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: A potential memory leak was identified in the rtw init cmd priv function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions pri...

Pool is not initialized correctly

Lines of code Vulnerability details Impact Pool has no owner and will be un-upgradeable. Proof of Concept Pool does not provide an initialize interface to initialize the owner, so the owner will never be set. Pool as a UUPSUpgradeable can not be upgraded without a valid owner. Tools Used n/a...

PT-2022-34976 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A potential memory leak was identified in the rtw init drv sw function of the rtl8723bs driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

PT-2022-35159 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns the initialization of registers in the arm64 architecture, specifically related to the MTE Memory Tagging Extension feature. The actual impact and potential for attacks hav...

PT-2022-34884 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.7 Description: The issue is related to a use-after-free UAF problem in the nfqnl nf hook drop function when ops init fails. The actual impact and attack plausibility have not yet been proven. Recommendation...

PT-2022-35258 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: A potential memory leak was identified in the rtw init cmd priv function of the rtl8723bs driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

PT-2022-35385 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the btrfs file system, where the generation is not set before calling btrfs clean tree block in btrfs init new buffer. This could potentially lead to security...