CVE-2025-21750

CVE-2025-21750 affects the Linux kernel wifi driver brcmfmac. The issue results from not validating the return value of of_property_read_string_index(), which can leave tmp uninitialized when a property is missing, leading to a kernel crash (BUG/OOPS) from passing a random pointer to devm_kstrdup...

CVE-2025-21750 wifi: brcmfmac: Check the return value of of_property_read_string_index()

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of ofpropertyreadstringindex Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitialized, so we pass a random...

CVE-2022-48769

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports 0 that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...

CVE-2022-48769 efi: runtime: avoid EFIv2 runtime services on Apple x86 machines

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports 0 that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...

CVE-2022-48769

In CVE-2022-48769, the Linux kernel vulnerability concerns Apple x86 EFI runtime services. The issue stems from a call to QueryVariableInfo() (added with EFI 2.00) used at runtime, which could crash firmware on certain Apple machines when managing NVRAM variables. The mitigation described is to a...

CVE-2022-48769

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports 0 that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...

Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow

Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=724 nvAPIClient::Escape is the sole external method of nvAcclerator userclient type 0x2a0. It implements its own method and parameter demuxing using the struct-in...

Apple Mac OSX Kernel - Null Pointer Dereference in AppleGraphicsDeviceControl

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=782 AppleGraphicsDeviceControlClient doesn't check that its pointer to its IOService at this+0xd8 is non-null before using it in all external methods. We can set this pointer to NULL by racing two threads, one of which calls...

Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=783 The method AppleGraphicsControlClient::checkArguments does actually appear to test whether the pointer at this+0xd8 is non-null, but uses it anyway : We can race external methods which call this with another thread calling...

Apple Mac OSX Kernel - Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=709 nvDevice::ReleaseDeviceTexture is external method 0x10a of userclient 5 of the geforce IOAccelerator. It takes a single uint argument text:000000000001BCD2 mov r14d, esi ... text:000000000001BD08 and r14d, 7FFFFFFFh -- clear...