90 matches found
CVE-2024-58132
CVE-2024-58132 affects chainmaker-go (ChainMaker) up to version 2.3.6, where multiple configuration updates on a single node can trigger concurrent reads/writes on a map, causing a panic. Public sources corroborate the issue across multiple catalogs (NVD/Red Hat/CIRCL), with the root cause descri...
CVE-2025-30077
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits...
Linux Distros Unpatched Vulnerability : CVE-2024-42271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody...
Linux Distros Unpatched Vulnerability : CVE-2021-47076
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status ...
Linux Distros Unpatched Vulnerability : CVE-2022-48638
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cgroup: cgroup_get_from_id() must check the looked-up kn is a directory cgroup has to be one kern...
Linux Distros Unpatched Vulnerability : CVE-2023-52872
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans...
CVE-2022-49506
The CVE-2022-49506 issue affects the Linux kernel DRM/Mediatek path, where a race between the vblank callback registration and disabling vblank could yield NULL callback data in the ovl IRQ path, risking kernel panic. The documented fix adds a vblank callback registration flow: register callback ...
CVE-2022-49429 RDMA/hfi1: Prevent panic when SDMA is disabled
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to hfi1_write_iter() will dereference a NULL pointer and panic. A typical stack frame is: sdma_select_user_engine hfi1...
CVE-2022-49101
CVE-2022-49101 entry is rejected by the CVE Numbering Authority and does not represent an active vulnerability.
CVE-2022-49049 mm/secretmem: fix panic when growing a memfd_secret
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix panic when growing a memfd_secret When one tries to grow an existing memfd_secret with ftruncate, one gets a panic [1]. For example, doing the following reliably induces the panic: fd = memfd_secret(0); ftruncate(fd, 10);...
PT-2025-16770
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A bug in the f2fs file system has been identified, which can cause a panic when fallocation fails for pinfile. This issue occurs due to concurrent pinfile allocation running out of...
BIT-GOLANG-2025-22865
Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed...
Unsound usages of `u8` type casting in spl-token-swap
The library provides a safe public API `unpack` to cast a `u8` array to arbitrary types, which can cause undefined behavior. The length check on the array only prevents out-of-bounds access on the return type. However, it cannot prevent a misaligned pointer when casting a `u8` pointer to a type aligned to...
AlmaLinux 9 : skopeo (ALSA-2024:11217)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:11217 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) Tenable...
Important: Red Hat Security Advisory: skopeo security update
An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: skopeo security update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack...
CVE-2021-47498
The CVE-2021-47498 issue affects the Linux kernel where Device Mapper requests could be requeued during DM suspend due to blk-mq unquiesce calls from outside events, causing a kernel panic under nr_requests updates. The fix changes behavior to avoid queuing during suspend and to requeue requests ...
CVE-2024-26868
In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP:...
CVE-2024-26868 nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP:...
PT-2024-23309
Name of the Vulnerable Software and Affected Versions: Wasmtime version 19.0.0 Description: The issue is related to a regression in Wasmtime that can cause a panic in the host runtime when a guest WebAssembly module is executed. This panic occurs when a WebAssembly module issues a table...