CVE-2024-49901

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msmgpu-pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68 "drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails" where msmgpucleanup :...

BIT-ENVOY-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clearroutecache is enabled on the provider; 3. header...

CVE-2024-45809

A flaw was found in Envoy. JWT filter will lead to a crash in Envoy when clearing the route cache with remote JWKs in the following cases: 1. Remote JWKs are used, which requires async header processing 2. clearroutecache is enabled on the provider 3. Header operations are enabled in JWT filter,...

CVE-2024-38390

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xxdestroy before adrenogpuinit leads to a null pointer dereference on: msmgpucleanup : platformsetdrvdatagpu-pdev, NULL; as gpu-pdev is only assigned...

CVE-2024-38390 drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xxdestroy before adrenogpuinit leads to a null pointer dereference on: msmgpucleanup : platformsetdrvdatagpu-pdev, NULL; as gpu-pdev is only assigned...

CVE-2024-38390

CVE-2024-38390 affects the Linux kernel DRM/MSM a6xx path. The vulnerability arises when speedbin setting fails, causing a null pointer dereference during cleanup if msm_gpu_init() did not complete (gpu->pdev is only assigned in a6xx_gpu_init -> adreno_gpu_init -> msm_gpu_init). The cano...

CVE-2024-38390 drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xxdestroy before adrenogpuinit leads to a null pointer dereference on: msmgpucleanup : platformsetdrvdatagpu-pdev, NULL; as gpu-pdev is only assigned...

Moderate: Red Hat Security Advisory: protobuf security update

An update for protobuf is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2024-35945

In the Linux kernel, the following vulnerability has been resolved: net: phy: phydevice: Prevent nullptr exceptions on ISR If phydev-irq is set unconditionally, check for valid interrupt handler or fall back to polling mode to prevent nullptr exceptions in interrupt service routine...

CVE-2024-35945 net: phy: phy_device: Prevent nullptr exceptions on ISR

In the Linux kernel, the following vulnerability has been resolved: net: phy: phydevice: Prevent nullptr exceptions on ISR If phydev-irq is set unconditionally, check for valid interrupt handler or fall back to polling mode to prevent nullptr exceptions in interrupt service routine...

CVE-2024-35945

CVE-2024-35945 (Linux kernel) is reported as resolved in OSV entries for Root:Ubuntu 22.04 via ROOT-OS-UBUNTU-2204-CVE-2024-35945, with multiple fixed ROOT rootio-linux versions available. Other OSVs (ROOT-OS-DEBIAN-11-CVE-2024-35945, ROOT-OS-DEBIAN-12-CVE-2024-35945) also indicate patches in roo...

BIT-TENSORFLOW-2020-15191 Undefined behavior in Tensorflow

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

BIT-TENSORFLOW-2021-41214 Reference binding to `nullptr` in `tf.ragged.cross`

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

BIT-TENSORFLOW-2022-35965 Segfault in `LowerBound` and `UpperBound` in TensorFlow

TensorFlow is an open source platform for machine learning. If LowerBound or UpperBound is given an emptysortedinputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

BIT-TENSORFLOW-2023-25676 TensorFlow has null dereference on ParallelConcat with XLA

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...

Denial Of Service

paddlepaddle is vulnerable to Denial Of Service DoS. The vulnerability is caused due to a nullptr exception in paddle.putalongaxis. The attacker can trigger a runtime crash which would result to DoS...

Denial Of Service

PaddlePaddle is vulnerable to Denial Of Service. The vulnerability is due to a nullptr exception in paddle.dot. This can cause a runtime crash resulting in Denial of Service...

GHSA-QPPW-C37G-XWCC PaddlePaddle nullptr dereference in paddle.crop

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service...

PaddlePaddle nullptr dereference in paddle.crop

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service...

PaddlePaddle segfault in paddle.put_along_axis

Nullptr in paddle.putalongaxis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service...