205 matches found
PT-2026-3850
Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2025.10.0 Description EVerest is an EV charging software stack. An integer overflow in the SdpPacket::parse header function can occur when processing data. Specifically, the current buffer length can be set to 7 after...
kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length
In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...
kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length
In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...
kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length
In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...
curl: MQTT: Missing upper bound on incoming Remaining Length allows server-controlled long wait
Curl's MQTT implementation accepts any valid Remaining Length advertised by the server without an explicit upper bound beyond the MQTT spec maximum of 268,435,455 bytes. A malicious server can send a PUBLISH packet claiming this maximum size but provide only minimal payload, causing curl to wait...
curl: MQTT Protocol Violation & Integer Overflow in libcurl
Executive Summary Vulnerability Type: CWE-190 Component: lib/mqtt.c Function: mqttdecodelen Affected Architectures: - All architectures: Protocol non-compliance leading to stream desynchronization - 32-bit architectures: Deterministic integer overflow in length decoding libcurl does not correctly...
CVE-2023-54150 drm/amd: Fix an out of bounds error in BIOS parser
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an out of bounds error. commit 4fc1ba4aa589...
EUVD-2025-203710
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...
CVE-2025-68186
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...
UBUNTU-CVE-2025-68186
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...
EUVD-2025-203316
openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p-rem and p-len is not checked...
DEBIAN-CVE-2023-53778
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Clean up integer overflow checking in mapuserpages The encodedma function has some validation on intrans-size but it would be more clear to move those checks to findandmapuserpages. The encodedma had two checks: if...
UBUNTU-CVE-2023-53778
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Clean up integer overflow checking in mapuserpages The encodedma function has some validation on intrans-size but it would be more clear to move those checks to findandmapuserpages. The encodedma had two checks: if...
CVE-2023-53778 accel/qaic: Clean up integer overflow checking in map_user_pages()
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Clean up integer overflow checking in mapuserpages The encodedma function has some validation on intrans-size but it would be more clear to move those checks to findandmapuserpages. The encodedma had two checks: if...
PT-2025-49638
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the accel/qaic component related to integer overflow checking within the map user pages function. The encode dma function previously had validation on...
Malicious code in flatten-unflatten (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96678bbed20be5d500dc65bda769b41f7d3666a18c8a76262aca5ed79ef584fd The package flatten-unflatten was found to contain malicious code. Source: ghsa-malware...
accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()
...
EUVD-2025-124911
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in findandmapuserpages Currently, if findandmapuserpages takes a DMA xfer request from the user with a length field set to 0, or in a rare case, the host receives QAICTRANSDMAXFERCONT fro...
CVE-2025-40172 accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in findandmapuserpages Currently, if findandmapuserpages takes a DMA xfer request from the user with a length field set to 0, or in a rare case, the host receives QAICTRANSDMAXFERCONT fro...
CVE-2025-40126
CVE-2025-40126 affects the Linux kernel (sparc/UltraSPARC) where a faulty exception handling path in copy_from_user and copy_to_user could affect the return value in faulting scenarios. The referenced commit added exception handlers for user-space memory references and incorrectly calculated the ...