48 matches found
CVE-2021-47139 net: hns3: put off calling register_netdev() until client initialize complete
In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling registernetdev until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case,...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in flushwork. This warning is caused by work-func == NULL, which means missing work initialization. This may happen, since inputdev-close...
VDA machines stuck at initializing for Hybrid Azure AD join and taking long time to register
Azure AD based machines stuck in the initializing state or taking 45 minutes to register...
Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight 8 incremental iterations of their credential harvesting malwa...
K15504: OpenSSH vulnerability CVE-2014-1692
Security Advisory Description The hashbuffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service memory corruption or have unspecifie...
GHSA-6692-8QQF-79JC Duplicate Advisory: `Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qwvx-c8j7-5g75. This link is maintained to preserve external references. Original Description Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read...
GSD-2022-1001196 mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
mptcp: Fix crash due to tcptsortedanchor was initialized before release skb This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
GHSA-QWVX-C8J7-5G75 Use of Uninitialized Resource in tectonic_xdv
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
GHSA-RH89-X75F-RH3C Exposure of uninitialized memory in memoffset
Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references. They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was correcte...
GSD-2021-1001042 IB/mlx5: Fix initializing CQ fragments buffer
IB/mlx5: Fix initializing CQ fragments buffer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.11 by commit...
UVI-2021-1000964 IB/mlx5: Fix initializing CQ fragments buffer
IB/mlx5: Fix initializing CQ fragments buffer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.44 by commit...
GSD-2021-1000964 IB/mlx5: Fix initializing CQ fragments buffer
IB/mlx5: Fix initializing CQ fragments buffer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.44 by commit...
UVI-2021-1000904 IB/mlx5: Fix initializing CQ fragments buffer
IB/mlx5: Fix initializing CQ fragments buffer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.126 by commit...
UVI-2021-1000881 IB/mlx5: Fix initializing CQ fragments buffer
IB/mlx5: Fix initializing CQ fragments buffer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.195 by commit...
OSV-2021-689 UNKNOWN WRITE in Runtime_Release
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33689 Crash type: UNKNOWN WRITE Crash state: RuntimeRelease EvaluateExpression InitDataSegments...
RUSTSEC-2021-0043 PartialReader passes uninitialized memory to user-provided Read
Affected versions of this crate passed an uniniitalized buffer to a user-provided Read instance in PartialReader::read. This can result in safe Read implementations reading from the uninitialized buffer leading to undefined behavior. The flaw was fixed in commit 39d62c6 by zero-initializing the...
RUSTSEC-2021-0051 KeyValueReader passes uninitialized memory to Read instance
The KeyValueReader type in affected versions of this crate set up an uninitialized memory buffer and passed them to be read in to a user-provided Read instance. The Read instance could read uninitialized memory and cause undefined behavior and miscompilations. This issue was fixed in commit dd59b...
KeyValueReader passes uninitialized memory to Read instance
The KeyValueReader type in affected versions of this crate set up an uninitialized memory buffer and passed them to be read in to a user-provided Read instance. The Read instance could read uninitialized memory and cause undefined behavior and miscompilations. This issue was fixed in commit dd59b...
`Read` on uninitialized buffer may cause UB (`impl Walue for Vec<u8>`)
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
RUSTSEC-2021-0016 `IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...