533 matches found
CVE-2025-40301 Bluetooth: hci_event: validate skb length for unknown CC opcode
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: validate skb length for unknown CC opcode In hcicmdcompleteevt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb-data contains the return status. However,...
CVE-2025-40301 Bluetooth: hci_event: validate skb length for unknown CC opcode
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: validate skb length for unknown CC opcode In hcicmdcompleteevt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb-data contains the return status. However,...
CVE-2025-40301
CVE-2025-40301 affects the Linux kernel Bluetooth subsystem, specifically the HCI event handling path. The issue arises in hci_cmd_complete_evt() when an event has an unknown opcode: the code previously assumed skb->data[0] holds the return status, but parameter data may have already been pull...
CVE-2025-40301
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: validate skb length for unknown CC opcode In hcicmdcompleteevt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb-data contains the return status. However,...
PT-2025-49433
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Bluetooth implementation within the hci cmd complete evt function. Specifically, the code does not validate the length of the socket buffer skb before...
WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode
...
CVE-2025-64713
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When framerefbottom and frameoffsetbottom arrays are at capacity and a GETGLOBALI32...
CVE-2025-64713
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When framerefbottom and frameoffsetbottom arrays are at capacity and a GETGLOBALI32...
CVE-2025-64713 WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When framerefbottom and frameoffsetbottom arrays are at capacity and a GETGLOBALI32...
CVE-2025-64713 WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When framerefbottom and frameoffsetbottom arrays are at capacity and a GETGLOBALI32...
CVE-2025-40169
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject negative offsets for ALU ops When verifying BPF programs, the checkaluop function validates instructions with ALU operations. The 'offset' field in these instructions is a signed 16-bit integer. The existing check...
kernel: io_uring: prevent opcode speculation
In the Linux kernel, the following vulnerability has been resolved: iouring: prevent opcode speculation sqe-opcode is used for different tables, make sure we santitise it against speculations...
kernel: io_uring: prevent opcode speculation
In the Linux kernel, the following vulnerability has been resolved: iouring: prevent opcode speculation sqe-opcode is used for different tables, make sure we santitise it against speculations...
CVE-2025-21071
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-21071
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-21071
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-21071
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-21071
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-21071
CVE-2025-21071 describes an out-of-bounds write in the fingerprint trustlet opcode handling, affecting Samsung Secure Element firmware prior to SMR Nov-2025 Release 1. The issue allows locally privileged attackers to write to memory outside allocated boundaries, with impact on confidentiality and...
SAMSUNG SMR 安全漏洞
SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung cell phone applications. A security vulnerability exists in SAMSUNG SMR prior to Nov-2025 Release 1, which stems from an out-of-bounds write when handling opcodes, which could lead...