10 matches found
CVE-2026-52948
In the Linux kernel, the following vulnerability has been resolved: i2c: dev: prevent integer overflow in I2CTIMEOUT ioctl While fuzzing with Syzkaller, a persistent scheduletimeout: wrong timeout value warning was observed, accompanied by SMBus controller state machine corruption. The I2CTIMEOUT...
FreeBSD -- Integer overflow in vt(4) CONS_HISTORY ioctl
Problem Description: The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of...
Linux Distros Unpatched Vulnerability : CVE-2026-46294
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm: fix a buffer overflow in ioctl processing Tony Asleson using Claude found a buffer overflow in dm- ioctl in the function retrievestatus: 1. The code in...
SAMSUNG Mobile Processor 安全漏洞
SAMSUNG Mobile Processor is a family of mobile processors from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Processor that stems from improper handling of NL80211 vendor commands, which could result in a buffer overflow during processing of IOCTL messages. The following...
DEBIAN-CVE-2024-49994
In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blkioctldiscard but for secure erase. Same problem: uint64t r2 = 512,...
SUSE CVE-2024-41000
In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: 62.982337 ------------ cut here ------------ 62.985692 cgroup: Invalid name 62.986211...
SUSE CVE-2024-36917
In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blkioctldiscard There is no check for overflow of 'start + len' in blkioctldiscard. Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000...
CVE-2021-42988
Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler 0x22001B in the USB Network Gate above 7.0.1370 below 9.2.2420 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...
CVE-2018-19086
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges...
kernel: drivers/scsi/mpt2sas: prevent heap overflows
Integer overflow in the ctldomptcommand function in drivers/scsi/mpt2sas/mpt2sasctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service memory corruption via an ioctl call specifying a crafted value that triggers a heap-based buffer...