PT-2022-34933 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.6 Description: The issue is related to a null pointer access problem when the sfb init function fails. This problem was introduced in version v2.6.39 and is fixed in version v6.0.6. Recommendations: For Lin...

Pool designed to be upgradeable but does not set owner, making it unupgradeable

Lines of code Vulnerability details Description The docs state: "The pool allows user to predeposit ETH so that it can be used when a seller takes their bid. It uses an ERC1967 proxy pattern and only the exchange contract is permitted to make transfers." Pool is designed as an ERC1967 upgradeable...

PT-2022-34872 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.7 Description: The issue is related to a missing memcpy in kasan init, which may potentially lead to security vulnerabilities. The actual impact and attack plausibility have not yet been proven...

Initialization function can be front-run

Lines of code Vulnerability details Detailed description of the impact of this finding: Exchange.sol has initialization function that can be front-run, allowing an attacker to incorrectly initialize the contract. Due to the use of the delegatecall proxy pattern, Exchange.sol cannot be initialized...

CVE-2022-36349

Insecure default variable initialization in BIOS firmware for some IntelR NUC Boards and IntelR NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access...

Default configuration

Insecure default variable initialization in BIOS firmware for some IntelR NUC Boards and IntelR NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access...

CVE-2022-36349

CVE-2022-36349 refers to insecure default variable initialization in BIOS firmware for Intel NUC Boards/Kits prior to MYi30060. The issue can allow an authenticated local user to cause denial of service. Intel’s advisory lists affected SKUs and firmware updates, recommending upgrading to MYi30060...

PT-2022-23323 · Intel · Intel Nuc Boards +1

Name of the Vulnerable Software and Affected Versions: IntelR NUC Boards and IntelR NUC Kits versions prior to MYi30060 Description: The issue is related to insecure default variable initialization in BIOS firmware, which may allow an authenticated user to potentially enable denial of service via...

Intel NUC 安全漏洞

The Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in versions prior to IntelR NUC 11 Pro Kits and IntelR NUC 11 Pro Boards TNTGL357.0064, which stems from improper initialization of their BIOS firmware allowing authenticated users to potentially...

CVE-2022-39393

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously ...

Uninitializing Bridge Contracts' State Variables

Lines of code Vulnerability details Vulnerability Details The L1ERC20Bridge and L1EthBridge are implementation contracts that would be delegatecalled by their corresponding proxy contracts. In other words, all state variables and assets would be stored in the proxy contracts. In contrast, the...

PT-2025-13284

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking issue in the Linux kernel's f2fs file system has been resolved. The problem occurred because spin lock&sbi-error lock was called before spin lock init was called, resulting in ...

Unsafe Initializations Of Bridge Contracts

Lines of code Vulnerability details Vulnerability Details During the zkSync initialization process, several complicated tasks would be required to execute. Incorrect configurations in some tasks could lead to unexpected vulnerabilities. One task of the zkSync initialization process is deploying a...

kernel: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()

A flaw was found in the virtio-gpu module in the Linux kernel. If the initialization fails, for example, due to a fault injection, a missing check in the virtiogpuarrayputfree function can cause a NULL pointer dereference, resulting in a denial of service...

kernel: ath9k_htc: fix uninit value bugs

In the Linux kernel, the following vulnerability has been resolved: ath9khtc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htcconnectservice svcmetalen and pad are not initialized. Based on code it looks like in current sk...

kernel: RDMA/hfi1: Prevent use of lock before it is initialized

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent use of lock before it is initialized If there is a failure during probe of hfi1 before the sdmamaplock is initialized, the call to hfi1freedevdata will attempt to use a lock that has not been initialized. If th...

Siemens SIMATIC S7-1500 Improper Initialization (CVE-2020-8744)

Improper initialization in subsystem for IntelR CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, IntelR TXE versions before 4.0.30 IntelR SPS versions before E305.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. This plugin...

PT-2022-24952 · Wasmtime · Wasmtime

Name of the Vulnerable Software and Affected Versions: Wasmtime versions prior to 2.0.2 Description: There is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can be...

OpenZeppelin 安全漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions 3.2.0 and later through 4.4.1 and earlier, which stems from an exception set to support multiple inheritance that breaks the expectation of a...

CVE-2022-39384 OpenZeppelin Contracts initializer reentrancy may lead to double initialization

OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation the most prominent example being minimal proxies may be reentered if they make an untrusted non-view external cal...