1716 matches found
CVE-2024-26964
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhci_map_urb_for_dma Currently xhci_map_urb_for_dma creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node fails, then the following sg_pcopy_to_buffer can lead to...
CVE-2024-26964 usb: xhci: Add error handling in xhci_map_urb_for_dma
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhci_map_urb_for_dma Currently xhci_map_urb_for_dma creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node fails, then the following sg_pcopy_to_buffer can lead to...
kernel: HID: hyperv: avoid struct memcpy overrun warning
A compiler warning issue was found in the Linux kernel's Hyper-V HID driver that could lead to potential memory safety issues. A local user can trigger this issue when the fortified memcpy implementation detects potential buffer overflows in the mousevsc_on_receive function, where the compiler cann...
SUSE CVE-2022-48632
In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments...
CVE-2022-48632
A flaw was found in the Linux kernel. The following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()...
CVE-2022-48632
In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments...
CVE-2022-48632
In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments...
CVE-2022-48632 i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()
In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments...
CVE-2022-48632
CVE-2022-48632 — The Linux kernel flaw in the i2c mlxbf driver allows a stack overflow via an unbounded memcpy loop in mlxbf_i2c_smbus_start_transaction() because the upper bound of operation->length is not checked and data_idx increments. Public docs in connected Nessus advisories reference t...
CVE-2022-48632 i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()
In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments...
The vulnerability of the netfilter component in the Linux operating system’s kernel allows a hacker to induce a service failure.
The vulnerability of the netfilter component in the Linux operating system’s kernel is related to a break in the memcpy function when connlimit is used in elements of the set. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2023-4232
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...
CVE-2023-4232 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_status_report() function
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...
UBUNTU-CVE-2024-26907
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------ cut here ------------ memcpy: detected field-spanning write size 56 of single field "eseg->inline_hdr.start" at...
CVE-2024-26907 RDMA/mlx5: Fix fortify source warning while accessing Eth segment
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------ cut here ------------ memcpy: detected field-spanning write size 56 of single field "eseg->inline_hdr.start" at...
SUSE CVE-2024-26733
In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is...
SUSE CVE-2024-26753
In the Linux kernel, the following vulnerability has been resolved: crypto: virtio/akcipher - Fix stack overflow on memcpy sizeof(struct virtio_crypto_akcipher_session_para) is less than sizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from stack variable leads stack overflow. Clang reports th...
CVE-2021-47191
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() The following warning was observed running syzkaller: [ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in; [ 3813.830724] program...
CVE-2021-47219
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() The following issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline] BUG: KASAN: slab-out-of-bounds in...
CVE-2021-47219
CVE-2021-47219 involves the Linux kernel SCSI subsystem, specifically the scsi_debug path, where an out-of-bounds read occurs in resp_report_tgtpgs() due to an incorrect handling of lengths. The issue can manifest as a negative alen when userspace supplies a large length, enabling a slab/read bou...