CVE-2021-47608 bpf: Fix kernel address leakage in atomic fetch

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 "bpf: Propagate stack bounds to registers in atomics w/ BPFFETCH" around checkmemaccess handling is buggy since this would allow for unprivileged...

CVE-2021-47608

CVE-2021-47608 involves a bug in the Linux kernel BPF fetch path (bpf: Fix kernel address leakage in atomic fetch) where a faulty check_mem_access() handling could cause leakage of kernel pointers from spilled stack registers when performing atomic XADD. The issue arises in the BPF_FETCH path, wh...

UBUNTU-CVE-2024-36906

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: 33.452494 ================================================================== 33.453513 BUG: KASAN: stack-out-of-bounds in...

SUSE CVE-2023-52676

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit registe...

AZL-67731 CVE-2023-52676 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit registe...

DEBIAN-CVE-2023-52676

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit registe...

UBUNTU-CVE-2023-52676

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit registe...

CVE-2023-52676

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit registe...

UBUNTU-CVE-2021-46954

In the Linux kernel, the following vulnerability has been resolved: net/sched: schfrag: fix stack OOB read while fragmenting IPv4 packets when 'actmirred' tries to fragment IPv4 packets that had been previously re-assembled using 'actct', splats like the following can be observed on kernels built...

AZL-35905 CVE-2023-52452 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory ever since 6715df8d5 but, before this patch, these accesses were permitted inconsistently. In particular,...

SAMSUNG Mobile device 缓冲区错误漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile device SMR Jul-2023 Release 1 version, which originates from a stack out-of-bounds write vulnerabili...

kernel: scsi: scsi_debug: Fix type in min_t to avoid stack OOB

A vulnerability was found in the Linux kernel's SCSI driver, in sgcopybuffer function, where an incorrect type in the mint macro can lead to a stack out-of-bounds condition. This occurs due to sign extension of larger values, which may result in memory corruption or DoS...

PT-2022-34994 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to a stack-out-of-bounds condition in the strncpy function. This is an automated identification of a potential security issue, and its actual impact and attack plausibili...

PT-2022-34491 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.291 Description: The issue concerns a stack-out-of-bound access in SPMI tracing functions. It was introduced in version v4.3 and fixed in version v4.14.291. The actual impact and attack plausibility have n...

CVE-2021-25669

A vulnerability has been identified in SCALANCE X200-4P IRT All versions 5.5.1, SCALANCE X201-3P IRT All versions 5.5.1, SCALANCE X201-3P IRT PRO All versions 5.5.1, SCALANCE X202-2 IRT All versions 5.5.1, SCALANCE X202-2P IRT incl. SIPLUS NET variant All versions 5.5.1, SCALANCE X202-2P IRT PRO...

Design/Logic Flaw

Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser...