UBUNTU-CVE-2024-26721

In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC/DSCA PPS reg address Commit bd077259d0a9 "drm/i915/vdsc: Add function to read any PPS register" defines a new macro to calculate the DSC PPS register addresses with PPS number as a...

CVE-2024-26697 nilfs2: fix data corruption in dsync block recovery for small block sizes

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfsrecoverycopyblock of nilfsrecoverydsyncblocks, which recovers data from logs created by data sync writes during a mount after an...

CVE-2024-26697 nilfs2: fix data corruption in dsync block recovery for small block sizes

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfsrecoverycopyblock of nilfsrecoverydsyncblocks, which recovers data from logs created by data sync writes during a mount after an...

CVE-2024-26697

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfsrecoverycopyblock of nilfsrecoverydsyncblocks, which recovers data from logs created by data sync writes during a mount after an...

Bento4 安全漏洞

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in the Bento4 v1.6.0-641-2-g1529b83 release that stems from a denial of service issue in the AP4Sample::GetOffset method of the Ap4Sample.h file...

SUSE CVE-2024-26633

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: fix NEXTHDRFRAGMENT handling in ip6tnlparsetlvenclim syzbot pointed out 1 that NEXTHDRFRAGMENT handling is broken. Reading fragoff can only be done if we pulled enough bytes to skb-head. Currently we might access...

SUSE CVE-2024-26610

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwlfwinitriggertlv::data is a pointer to a le32, which means that if we copy to iwlfwinitriggertlv::data + offset while offset is in bytes, we'll write past the buffer...

DEBIAN-CVE-2024-26610

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwlfwinitriggertlv::data is a pointer to a le32, which means that if we copy to iwlfwinitriggertlv::data + offset while offset is in bytes, we'll write past the buffer...

UBUNTU-CVE-2024-26610

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwlfwinitriggertlv::data is a pointer to a le32, which means that if we copy to iwlfwinitriggertlv::data + offset while offset is in bytes, we'll write past the buffer...

BIT-TENSORFLOW-2021-29558 Heap buffer overflow in `SparseSplit`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

BIT-PILLOW-2021-25290

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...

The vulnerability of the __skb_flow_dissect() function in the networking component of the Linux operating system allows a attacker to compromise the confidentiality and accessibility of the protected information.

The vulnerability of the skbflowdissect function in the net/core/flowdissector.c file of the Linux kernel’s network component is related to incorrect calculation of the network header offset. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality and...

SUSE CVE-2023-52577

In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccpv4err/dccpv6err again dh-dccphx is the 9th byte offset 8 in "struct dccphdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways no more assumptions...

CVE-2023-43553 Use of Out-of-range Pointer Offset in WLAN HOST

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE...

CVE-2023-43553 Use of Out-of-range Pointer Offset in WLAN HOST

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE...

CVE-2023-33066 Use of Out-of-range Pointer Offset in Audio

Memory corruption in Audio while processing RT proxy port register driver...

Linux kernel security vulnerabilities

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. The Linux kernel suffers from a security vulnerability that arises from the fact that dh-dccphx is the 9th byte offset 8 of "struct dccphdr" instead of the 7th byte...

SUSE CVE-2021-46940

In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix offset overflow issue in index converting The idxtooffset function returns type int 32-bit signed, but MSRPKGENERGYSTAT is u32 and would be interpreted as a negative number. The end result is that it hi...

UBUNTU-CVE-2021-47066

In the Linux kernel, the following vulnerability has been resolved: asyncxor: increase srcoffs when dropping destination page Now we support sharing one page if PAGESIZE is not equal stripe size. To support this, it needs to support calculating xor value with different offsets for each r5dev. One...

SUSE CVE-2021-46965

In the Linux kernel, the following vulnerability has been resolved: mtd: physmap: physmap-bt1-rom: Fix unintentional stack access Cast &data to char in order to avoid unintentionally accessing the stack. Notice that data is of type u32, so any increment to &data will be in the order of 4-byte...