37 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed an issue involving an untrusted unsigned subtraction operation. The following warnings from the “SMatch static checker” have also been fixed: net/rxrpc/rxgkapp.c:65 rxgkyfsdecodeticket Warning: Untrusted unsigned...
CLSA-2026-1776438517 gstreamer1-plugins-bad-free: Fix of CVE-2026-3082
CVE-2026-3082: fix heap-based buffer overflow in JPEG parser READBYTES macro by adding sizeofbuf bounds check...
CVE-2023-54312
In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcpbasertt Using sizeofnv or strlennv+1 is correct...
SUSE CVE-2025-39962
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgkapp.c:65 rxgkyfsdecodeticket warn: untrusted unsigned subtract. 'ticketlen - 10 4' by prechecking the length of what we're tryi...
EUVD-2025-33336
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgkapp.c:65 rxgkyfsdecodeticket warn: untrusted unsigned subtract. 'ticketlen - 10 4' by prechecking the length of what we're tryi...
CVE-2025-39962
The CVE-2025-39962 entry concerns the Linux kernel RXRPC path. A bug in rxgk_app.c involved an untrusted unsigned subtract (ticket_len - 10 * 4) that could affect token parsing. The fix prechecks token lengths in two places and uses sizeof() for the extracted struct. This CVE is marked as resolve...
CVE-2025-39962 rxrpc: Fix untrusted unsigned subtract
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgkapp.c:65 rxgkyfsdecodeticket warn: untrusted unsigned subtract. 'ticketlen - 10 4' by prechecking the length of what we're tryi...
PT-2025-41376
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel contains a flaw related to an untrusted unsigned subtract operation within the rxrpc subsystem. Specifically, a Smatch static checker warning was identified in the rxgk...
CVE-2024-56684 mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks()
In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: fix wrong use of sizeof in cmdqgetclocks It should be size of the struct clkbulkdata, not data pointer pass to devmkcalloc...
CVE-2024-56684
In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: fix wrong use of sizeof in cmdqgetclocks It should be size of the struct clkbulkdata, not data pointer pass to devmkcalloc...
CVE-2024-56684
CVE-2024-56684: In the Linux kernel, mailbox: mtk-cmdq had a wrong sizeof usage in cmdq_get_clocks() where a data pointer was passed to devm_kcalloc(); the allocation should be sizeof(struct clk_bulk_data). The patch fixes the allocation size, addressing a potential memory/overflow issue when con...
Unbreakable Enterprise kernel security update
4.14.35-2047.539.5 - Revert 'mm/writeback: fix possible divide-by-zero in wbdirtylimits, again' Jan Kara - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879158 CVE-2024-41090 CVE-2024-41091 4.14.35-2047.539.4 - Fix parsing error in UEK5 kernel-uek-spec Yifei Liu Orabug: 368471...
CVE-2024-38587
In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof vs ARRAYSIZE bug The "buf" pointer is an array of u16 values. This code should be using ARRAYSIZE which is 256 instead of sizeof which is 512, otherwise it can the still got out of bounds. Mitigation Mitigatio...
CVE-2024-38587 speakup: Fix sizeof() vs ARRAY_SIZE() bug
In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof vs ARRAYSIZE bug The "buf" pointer is an array of u16 values. This code should be using ARRAYSIZE which is 256 instead of sizeof which is 512, otherwise it can the still got out of bounds...
SUSE CVE-2024-35827
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The "controllen" variable is type sizet unsigned long. Casting it to int could lead to an integer underflow. The checkaddoverflow function considers the type of the destinatio...
UBUNTU-CVE-2024-35827
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The "controllen" variable is type sizet unsigned long. Casting it to int could lead to an integer underflow. The checkaddoverflow function considers the type of the destinatio...
DEBIAN-CVE-2023-52655
In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is inbetween 0 and sizeofu64 the value passed to skbtrim as length will wrap around ending up as some very large value. The driver will then proce...
SUSE CVE-2009-2632
Buffer overflow in the SIEVE script component sieve/script.c, as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to...
SUSE CVE-2021-23975
The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects...
GSD-2022-1006906 dmaengine: qcom-adm: fix wrong sizeof config in slave_config
dmaengine: qcom-adm: fix wrong sizeof config in slaveconfig This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...