Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mxs-dcp component failing to ensure that the payload field is zero when using a hardware key, resulting ...

DEBIAN-CVE-2024-38540

In the Linux kernel, the following vulnerability has been resolved: bnxtre: avoid shift undefined behavior in bnxtqpliballocinithwq Undefined behavior is triggered when bnxtqpliballocinithwq is called with hwqattr-auxdepth != 0 and hwqattr-auxstride == 0. In that case,...

The vulnerability of the Linux operating system’s kernel driver rtl8192u allows a hacker to trigger a memory leak.

The vulnerability of the rtl8192u driver in the Linux operating system is related to the failure to release resources after their useful life has expired. Exploiting this vulnerability allows an attacker to trigger a memory leak by using an 802.11 type Authentication frame with a status field tha...

PT-2024-28063

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.9.0-rc6+ Description A vulnerability in the Linux kernel has been resolved, specifically in the bnxt re module. The issue is related to undefined behavior when the bnxt qplib alloc init hwq function is called...

SUSE CVE-2023-38650

Multiple integer overflow vulnerabilities exist in the VZT vztrdblockvchdecode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...

DEBIAN-CVE-2023-38650

Multiple integer overflow vulnerabilities exist in the VZT vztrdblockvchdecode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...

DEBIAN-CVE-2023-38652

Multiple integer overflow vulnerabilities exist in the VZT vztrdblockvchdecode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...

kernel: drm/amd/display: Check if modulo is 0 before dividing.

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check if modulo is 0 before dividing. How & Why If a value of 0 is read, then this will cause a divide-by-0 panic...

libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the...

SUSE CVE-2008-7316

mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service infinite loop via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length...

SUSE CVE-2015-1798

The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC...

SUSE CVE-2016-2522

The dissectberconstrainedbitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafte...

SUSE CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file...

SUSE CVE-2017-7700

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size...

SUSE CVE-2017-15274

security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service NULL pointer dereference and OOPS via a crafted addkey or keyctl system call, a different...

SUSE CVE-2018-9263

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length...

SUSE CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...

SUSE CVE-2022-35967

TensorFlow is an open source platform for machine learning. If QuantizedAdd is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89...

ALPINE-CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...

UBUNTU-CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...