EUVD-2025-205777

A flaw has been found in Tenda M3 1.0.0.134903. The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The...

EUVD-2022-55872

In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgusubdevsetselection Calling v4l2subdevgettrycrop and v4l2subdevgettrycompose with a subdev state of NULL leads to a NULL pointer dereference. This can currently happen in...

CVE-2025-15252

A flaw has been found in Tenda M3 1.0.0.134903. The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The...

CVE-2025-15252

Affected product: Tenda M3, version 1.0.0.13(4903). Vulnerable component: function formSetRemoteDhcpForAp in /goform/setDhcpAP. Root cause: manipulation of arguments startip, endip, leasetime, gateway, dns1, dns2 leads to a stack-based buffer overflow. Impact: remote attacker can trigger the over...

CVE-2023-54260

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbddestroy will directly return, then the connection info will be leaked. Let's set the smb...

CVE-2023-54168

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in setusersqsize The ucmd-logsqbbcount variable is controlled by the user so this shift can wrap. Fix it by using checkshloverflow in the same way that it was done in commit 515f60004ed9 "RDMA/hn...

CVE-2023-54168

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in setusersqsize The ucmd-logsqbbcount variable is controlled by the user so this shift can wrap. Fix it by using checkshloverflow in the same way that it was done in commit 515f60004ed9 "RDMA/hn...

CVE-2023-54321

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential null-ptr-deref in deviceadd I got the following null-ptr-deref report while doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 CPU: 2 PID: 278 Comm: 37-i2c-ds248...

CVE-2022-50814

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sglsgenr KASAN reported this Bug: 17619.659757 BUG: KASAN: global-out-of-bounds in paramgetint+0x34/0x60 17619.673193 Read of size 4 at addr fffff01332d7ed00 by task readall/1507958...

UBUNTU-CVE-2022-50826

In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgusubdevsetselection Calling v4l2subdevgettrycrop and v4l2subdevgettrycompose with a subdev state of NULL leads to a NULL pointer dereference. This can currently happen in...

CVE-2023-54321 driver core: fix potential null-ptr-deref in device_add()

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential null-ptr-deref in deviceadd I got the following null-ptr-deref report while doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 CPU: 2 PID: 278 Comm: 37-i2c-ds248...

CVE-2022-50845 ext4: fix inode leak in ext4_xattr_inode_create() on an error path

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4xattrinodecreate on an error path There is issue as follows when do setxattr with inject fault: localhost fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 12-Sep-2022 Pass 1: Checking inodes, blocks, and sizes...

CVE-2022-50845

CVE-2022-50845 fixes an inode leak in ext4_xattr_inode_create() on an error path during setxattr; if ext4_mark_inode_dirty() fails, the inode’s i_nlink can be dropped, leading to an inode leak.

CVE-2022-50826 ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()

In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgusubdevsetselection Calling v4l2subdevgettrycrop and v4l2subdevgettrycompose with a subdev state of NULL leads to a NULL pointer dereference. This can currently happen in...

CVE-2022-50826 ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()

In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgusubdevsetselection Calling v4l2subdevgettrycrop and v4l2subdevgettrycompose with a subdev state of NULL leads to a NULL pointer dereference. This can currently happen in...

CVE-2022-50814

CVE-2022-50814 affects the Linux kernel crypto driver hisilicon/zip, where a mismatch in the sgl_sge_nr variable (type u16) occurs when reading/writing via param_get/set_int, triggering a KASAN global-out-of-bounds read. The documented fix is to replace param_get/set_int with param_get/set_ushort...

CVE-2025-15234 Tenda M3 setInternetLanInfo formSetRemoteInternetLanInfo heap-based overflow

A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...

EUVD-2025-205698

A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...

CVE-2025-15234 Tenda M3 setInternetLanInfo formSetRemoteInternetLanInfo heap-based overflow

A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...

CVE-2025-15234

A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...