3088 matches found
smb: client: let recv_done verify data_offset, data_length and remaining_data_length
...
ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer
...
CVE-2023-53575
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWLSECWEPKEYOFFSET when needed while verifying keylen size in iwlmvmseckeyadd...
CVE-2022-50507
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we may encounter use-after-free or some unexpected memory access...
UBUNTU-CVE-2022-50507
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we may encounter use-after-free or some unexpected memory access...
UBUNTU-CVE-2023-53598
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Range check CHDBOFF and ERDBOFF If the value read from the CHDBOFF and ERDBOFF registers is outside the range of the MHI register space then an invalid address might be computed which later causes a kernel panic...
UBUNTU-CVE-2022-50478
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfssb2badoffset Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount time". The first patch fixes a bug reported by syzbot, and the second one fixes the remaining bug...
UBUNTU-CVE-2023-53575
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWLSECWEPKEYOFFSET when needed while verifying keylen size in iwlmvmseckeyadd...
CVE-2023-53601
CVE-2023-53601 is a Linux kernel vulnerability in the bonding driver where code could assume skb_mac_header is set in ndo_start_xmit, risking invalid skb handling. The fixed description states that skb->data is sufficient and bonding must not rely on mac_header. Concrete details appear in conn...
CVE-2022-50507 fs/ntfs3: Validate data run offset
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we may encounter use-after-free or some unexpected memory access...
CVE-2022-50507 fs/ntfs3: Validate data run offset
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we may encounter use-after-free or some unexpected memory access...
CVE-2022-50507
CVE-2022-50507 : Linux kernel ntfs3 data run offset validation bug. The issue arises from insufficient sanity checks when unpacking NTFS data runs, potentially enabling a use-after-free or out-of-bounds memory access during mount operations. The vulnerability is fixed by adding data-run offset va...
CVE-2023-53575 wifi: iwlwifi: mvm: fix potential array out of bounds access
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWLSECWEPKEYOFFSET when needed while verifying keylen size in iwlmvmseckeyadd...
CVE-2023-53575
In CVE-2023-53575, the Linux kernel wifi driver (iwlwifi, mvm) fixes a potential array out-of-bounds access by accounting for IWL_SEC_WEP_KEY_OFFSET when verifying key_len in iwl_mvm_sec_key_add(). The fix is implemented in the kernel code referenced in the stable commits: https://git.kernel.org/...
CVE-2023-53575 wifi: iwlwifi: mvm: fix potential array out of bounds access
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWLSECWEPKEYOFFSET when needed while verifying keylen size in iwlmvmseckeyadd...
CVE-2022-50478 nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfssb2badoffset Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount time". The first patch fixes a bug reported by syzbot, and the second one fixes the remaining bug...
EUVD-2025-32384
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate dataoffset and datalength field of smbdirectdatatransfer If dataoffset and datalength of smbdirectdatatransfer struct are invalid, out of bounds issue could happen. This patch validate dataoffset and...
EUVD-2025-32400
In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...
AZL-75336 CVE-2025-39942 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: verify remainingdatalength respects maxfragmentedrecvsize This is inspired by the check for dataoffset + datalength...
CVE-2025-39933
In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...