1874 matches found
Important: kernel
Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 In the Linux kernel, the following vulnerability has been...
Important: kernel
Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 In the Linux kernel, the following vulnerability has been...
CLSA-2024-1711026811 kernel: Fix of 7 CVEs
netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one CVE-2023-39197 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier CVE-2023-52449 - media: pvrusb2: fix use after free on context disconnection CVE-2023-52445 - net: prevent mss overflow in skbsegment...
net: prevent mss overflow in skb_segment()
...
BIT-TENSORFLOW-2020-15212 Out of bounds access in tensorflow-lite
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...
BIT-TENSORFLOW-2020-15213 Denial of service in tensorflow-lite
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor,...
BIT-GOLANG-2023-39326 Denial of service via chunk extensions in net/http
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...
BIT-CONSUL-2021-41803
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."...
Medium: kernel
Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 In the Linux kernel, the following vulnerability has been...
Medium: kernel
Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 In the Linux kernel, the following vulnerability has been...
Important: kernel
Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 A flaw was found in the smb client in the Linux kernel. A...
OESA-2024-1244 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the...
OESA-2024-1243 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the...
OESA-2024-1240 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the...
OESA-2024-1239 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the...
OESA-2024-1242 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the...
OESA-2024-1241 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the...
SUSE CVE-2021-47007
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fsresizefs f2fsresizefs hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...
DEBIAN-CVE-2021-47004
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in getvictim In CP disabling mode, there are two issues when using LFS or SSR | ATSSR mode to select victim: 1. LFS is set to find source section during GC, the victim should have no...
UBUNTU-CVE-2021-47004
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in getvictim In CP disabling mode, there are two issues when using LFS or SSR | ATSSR mode to select victim: 1. LFS is set to find source section during GC, the victim should have no...