kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtwfwbtwificontrolrtwdev, para0, &para1', which reads 5 bytes: void rtwfwbtwificontrolstruct...

kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtwfwbtwificontrolrtwdev, para0, &para1', which reads 5 bytes: void rtwfwbtwificontrolstruct...

Oracle Linux 10 : kernel (ELSA-2025-13598)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-13598 advisory. - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds - CVE-2025-38159 - Revert 'smb: client: fix TCP timers deadlock after rmmod'...

ALSA-2025:13590 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: ipv6: mcast: extend RCU protection in igmp6send CVE-2025-21759 kernel: can...

CVE-2022-30774

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...

Immunity Debugger 安全漏洞

Immunity Debugger is a simple debugging application by Kiran Bandla Personal Developer. A security vulnerability exists in Immunity Debugger v1.85 that stems from improper handling of parameter buffer sizes, resulting in a stack overflow...

CVE-2022-30774

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...

Code injection

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...

CVE-2022-33982

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU...

CVE-2022-32266

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the...

CVE-2022-30773

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack. DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Corporation, Taiwan, which implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O IhisiSmm, which stems from the parameter buffer bei...

PT-2022-20307 · Insyde · Ihisismm Driver

Name of the Vulnerable Software and Affected Versions: IhisiSmm driver versions prior to Kernel 5.4: 05.44.23 IhisiSmm driver versions prior to Kernel 5.5: 05.52.23 Description: The issue allows DMA attacks on the parameter buffer used by the IhisiSmm driver to change the contents after parameter...

CVE-2022-30773

CVE-2022-30773 describes DMA attacks against the parameter buffer of the IhisiSmm driver, enabling a TOCTOU where an attacker could alter data after parameter validation but before use. The issue is addressed by kernel fixes: Kernel 5.4 (05.44.23) and Kernel 5.5 (05.52.23). Affected component: Ih...

CVE-2022-30774

CVE-2022-30774 describes a TOCTOU vulnerability in the parameter buffer used by the PnpSmm driver, enabling DMA to modify contents after parameter values are checked but before use. Documented for Siemens RuggedCom APE1808 products with InsydeH2O UEFI firmware, the CVSS base score is 6.4 (AV:L/AC...

PT-2022-20308 · Insyde · Insydeh2O Uefi Firmware

Name of the Vulnerable Software and Affected Versions: InsydeH2O UEFI firmware versions prior to Kernel 5.2: 05.27.29 InsydeH2O UEFI firmware versions prior to Kernel 5.3: 05.36.25 InsydeH2O UEFI firmware versions prior to Kernel 5.4: 05.44.25 InsydeH2O UEFI firmware versions prior to Kernel 5.5:...

CVE-2022-33982

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU...

PT-2022-21944 · Insyde · Int15Servicesmm

Name of the Vulnerable Software and Affected Versions: Int15ServiceSmm software SMI handler versions prior to Kernel 5.2: 05.27.23 Int15ServiceSmm software SMI handler versions prior to Kernel 5.3: 05.36.23 Int15ServiceSmm software SMI handler versions prior to Kernel 5.4: 05.44.23 Int15ServiceSm...

CVE-2019-1010044

borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable...