29 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - In fuse: Access to the “folio” field was blocked due to an overflow issue. - syz reported a slab-out-of-bounds Write operation in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by...

CVSS 7.8 | AI score 5.4 | EPSS 0.00136
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-3574

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.0163
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-30848

Malicious code in bioql PyPI...

AI score 6.3 | EPSS 0.00136
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-0283

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.02042
Exploits: 0 | References: 7

NVD
added 2025/09/23 6:15 a.m. | 7 views

CVE-2025-39888

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_pages and there is an offset, the oob is triggered...

CVSS 7.8 | EPSS 0.00136
Exploits: 0 | References: 2

OSV
added 2025/09/23 6:15 a.m. | 1 views

DEBIAN-CVE-2025-39888

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_pages and there is an offset, the oob is triggered...

CVSS 7.8 | AI score 6.2 | EPSS 0.00136
Exploits: 0 | References: 1

CVE
added 2025/09/23 6:0 a.m. | 22 views

CVE-2025-39888

CVE-2025-39888 concerns a Linux kernel issue in fuse: Block access to folio overlimit. A slab-out-of-bounds write occurred in fuse_dev_do_write when the OOB condition could trigger if bytes to retrieve are truncated to fc->max_pages and an offset is present. The root cause was not fully detail...

CVSS 7.8 | AI score 6 | EPSS 0.00136
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/09/23 6:0 a.m. | 2 views

CVE-2025-39888 fuse: Block access to folio overlimit

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_pages and there is an offset, the oob is triggered...

AI score 6 | EPSS 0.00136
Exploits: 0 | References: 2

OSV
added 2025/09/23 6:0 a.m. | 3 views

CVE-2025-39888 fuse: Block access to folio overlimit

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_pages and there is an offset, the oob is triggered...

CVSS 7.8 | AI score 6.1 | EPSS 0.00136
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/23 12:0 a.m. | 4 views

PT-2025-39145

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw related to fuse. Specifically, a slab-out-of-bounds write condition was identified in the fuse dev do write function. This issue occurs when the number o...

AI score 6.3 | EPSS 0.00136
Exploits: 0 | References: 6

Tenable Nessus
added 2025/08/12 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-36288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not...

CVSS 5.5 | AI score 5.6 | EPSS 0.00269
Exploits: 0 | References: 2

Cvelist
added 2025/06/16 11:0 a.m. | 13 views

CVE-2025-47868 Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.

Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active...

EPSS 0.00625
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 7:17 a.m. | 6 views

CVE-2018-11547

md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination...

CVSS 9.8 | AI score 7.1 | EPSS 0.0163
Exploits: 0 | References: 1

OSV
added 2024/09/27 1:15 p.m. | 5 views

AZL-49887 CVE-2024-46863 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct...

CVSS 5.5 | AI score 5.6 | EPSS 0.00177
Exploits: 0 | References: 1

Microsoft CVE
added 2024/08/05 7:0 a.m. | 5 views

SUNRPC: Fix loop termination condition in gss_free_in_token_pages()

...

CVSS 5.5 | AI score 7.7 | EPSS 0.00269
Exploits: 0

SUSE CVE
added 2024/06/24 11:17 p.m. | 4 views

SUSE CVE-2024-36288

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range 0x04a2013400000008-0x04a20134000000...

CVSS 5.5 | AI score 6.5 | EPSS 0.00269
Exploits: 0 | References: 16

OSV
added 2024/06/21 12:15 p.m. | 8 views

AZL-42850 CVE-2024-36288 affecting package kernel for versions less than 5.15.162.2-1

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range 0x04a2013400000008-0x04a20134000000...

CVSS 5.5 | AI score 6.7 | EPSS 0.00269
Exploits: 0 | References: 1

Cvelist
added 2024/06/21 11:18 a.m. | 29 views

CVE-2024-36288 SUNRPC: Fix loop termination condition in gss_free_in_token_pages()

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range 0x04a2013400000008-0x04a20134000000...

EPSS 0.00269
Exploits: 0 | References: 7

BDU FSTEC
added 2023/09/29 12:0 a.m. | 6 views

The vulnerability of the vringh_kiov_advance() function in the drivers/vhost/vringh.c module of the Linux kernel’s vhost driver allows an attacker to cause a service failure.

The vulnerability of the vringh_kiov_advance() function in the drivers/vhost/vringh.c module of the Linux kernel’s driver lies in the lack of control over the condition under which the loop ends. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.5 | EPSS 0.00199
Exploits: 0 | References: 14 | Affected Software: 4

OSV
added 2023/09/14 3:15 p.m. | 1 views

DEBIAN-CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...

CVSS 7.5 | AI score 7.3 | EPSS 0.01771
Exploits: 0 | References: 1