Lucene search
K

40 matches found

OSV
OSV
added 2025/10/28 12:15 p.m.8 views

AZL-68846 CVE-2025-40052 affecting package kernel for versions less than 6.6.112.1-2

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifssgsetbuf helper that converts vmalloc'd memory to their...

5.8AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/10/28 12:15 p.m.3 views

UBUNTU-CVE-2025-40052

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifssgsetbuf helper that converts vmalloc'd memory to their...

5.8AI score0.00197EPSS
Exploits0References22
CVE
CVE
added 2025/10/28 11:48 a.m.26 views

CVE-2025-40052

CVE-2025-40052 (Linux kernel, SMB/CIFS crypto path) fixes a bug where aead_request context could end up in vmalloc memory, causing sg_set_buf() to crash when virt_addr_valid(buf) fails under heavy parallel I/O. Root cause: creq allocation used kvzalloc(), potentially placing __ctx in vmalloc area...

6.2AI score0.00197EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/28 11:48 a.m.5 views

EUVD-2025-36476

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifssgsetbuf helper that converts vmalloc'd memory to their...

6AI score0.00197EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/10/28 11:48 a.m.4 views

CVE-2025-40052 smb: client: fix crypto buffers in non-linear memory

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifssgsetbuf helper that converts vmalloc'd memory to their...

0.00197EPSS
Exploits0References4
OSV
OSV
added 2025/10/28 11:48 a.m.5 views

CVE-2025-40052 smb: client: fix crypto buffers in non-linear memory

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifssgsetbuf helper that converts vmalloc'd memory to their...

6.5AI score0.00197EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2025/10/28 11:48 a.m.2 views

CVE-2025-40052

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifssgsetbuf helper that converts vmalloc'd memory to their...

5.4AI score0.00197EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-40052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this...

6.7AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/25 12:0 a.m.7 views

PT-2025-44120

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the SMB client related to cryptographic buffers in non-linear memory. The crypto API, specifically through the scatterlist API, requires input...

4.9CVSS6AI score0.00197EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:29 a.m.8 views

CVE-2023-26489

wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x8664 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug mea...

9.9CVSS9.6AI score0.01251EPSS
Exploits0References1
CVE
CVE
added 2024/11/09 10:15 a.m.132 views

CVE-2024-50252

CVE-2024-50252 describes a memory leak in the Linux kernel mlxsw spectrum_ipip implementation when changing the remote IPv6 address of an ip6gre net device. The root cause is that the driver failed to add the new address to its hash table and did not remove the old one, leading to leaks and a war...

5.5CVSS5.2AI score0.00218EPSS
Exploits0References5Affected Software1
Mageia
Mageia
added 2023/04/15 7:3 p.m.35 views

Updated libheif packages fix security vulnerability

Vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. CVE-2023-0996...

7.8CVSS7.7AI score0.00307EPSS
Exploits0References3
Redos
Redos
added 2023/03/22 12:0 a.m.26 views

ROS-20230322-01

A vulnerability in the HEIF and AVIF libheif file format decoder is related to the data parsing code of strided images in the emscripten wrapper for libheif. Exploitation of the vulnerability could allow an attacker acting remotely to use a specially crafted image file to cause a buffer overflow ...

7.8CVSS7.7AI score0.00307EPSS
Exploits0
OSV
OSV
added 2023/02/24 4:15 a.m.1 views

DEBIAN-CVE-2023-0996

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call...

7.8CVSS7.5AI score0.00307EPSS
Exploits0References1
Prion
Prion
added 2023/02/24 4:15 a.m.20 views

Buffer overflow

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call...

4.4CVSS7.7AI score0.00307EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/10 8:15 p.m.14 views

Out-of-bounds

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

4CVSS7.4AI score0.00577EPSS
Exploits0References2Affected Software1
RustSec
RustSec
added 2022/11/10 12:0 p.m.24 views

Bug in Wasmtime implementation of pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...

7.4CVSS1AI score0.00577EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2022/11/10 12:0 p.m.18 views

Bug in pooling instance allocator

bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. Mitigations are described here...

8.6CVSS1.6AI score0.00657EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/11/10 12:0 p.m.50 views

RUSTSEC-2022-0076 Bug in Wasmtime implementation of pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...

7.4CVSS6.4AI score0.00577EPSS
Exploits0References4
OSV
OSV
added 2022/11/10 12:0 p.m.38 views

RUSTSEC-2022-0075 Bug in pooling instance allocator

bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. Mitigations are described here...

8.6CVSS8.4AI score0.00657EPSS
Exploits0References5
Rows per page
Query Builder