Linux Distros Unpatched Vulnerability : CVE-2024-26817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow. CVE-2024-26817 Note...

kernel: Integer overflow when using kzalloc in vfio driver

The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfiopciintrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine...