31 matches found
kernel: Linux kernel dpaa2-switch: Kernel memory corruption via out-of-bounds write
A flaw was found in the Linux kernel dpaa2-switch driver. This out-of-bounds write vulnerability occurs because the driver does not validate the numifs value reported by the firmware against the DPSWMAXIF limit. A highly privileged attacker, capable of influencing the DPAA2 firmware or management...
Astra Linux – Vulnerability in Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: “sh: push-switch: Reorder cleanup operations to avoid use-after-free bug” The original code placed “flushwork” before “timershutdownsync” in “switchdrvremove”. Although we use “flushwork” to stop the worker, it could be reschedul...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: mlxsw: spectrumacltcam: Fixed incorrect use of the list API. Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call listfirstentry on the respective...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: don’t leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba, we had a issue where a call to tagops-disconnectdst was issued from dsatreefree, which was called during the tree teardown...
PT-2026-37545
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write issue exists in the dpaa2-switch driver. The driver retrieves the sw attr.num ifs value from firmware using the dpsw get attributes function without validating it...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the dpaa2-switch driver failing to validate the numifs value, potentially leading to out-of-bound...
EUVD-2025-12955
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-50047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: mv88e6060: prevent crash on an unused port If the port isn't a CPU port nor a user port, 'cpudp' is a null pointer and a crash happened on dereferenci...
CVE-2022-49808
In the Linux kernel, the following vulnerability has been resolved: net: dsa: don't leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba "net: dsa: introduce tagger-owned storage for private and shared data", we had a call to tagops-disconnectdst issued from...
CVE-2022-49808
CVE-2022-49808 concerns the Linux kernel net: dsa teardown path where tagger-owned storage could leak on unbind. The provided description explains the root cause: in the dsa switch teardown path, tag_ops->disconnect was not properly dismantled during normal driver teardown, risking use-after-f...
CVE-2022-49808 net: dsa: don't leak tagger-owned storage on switch driver unbind
In the Linux kernel, the following vulnerability has been resolved: net: dsa: don't leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba "net: dsa: introduce tagger-owned storage for private and shared data", we had a call to tagops-disconnectdst issued from...
CVE-2022-49808
In the Linux kernel, the following vulnerability has been resolved: net: dsa: don't leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba "net: dsa: introduce tagger-owned storage for private and shared data", we had a call to tagops-disconnectdst issued from...
CVE-2022-49808 net: dsa: don't leak tagger-owned storage on switch driver unbind
In the Linux kernel, the following vulnerability has been resolved: net: dsa: don't leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba "net: dsa: introduce tagger-owned storage for private and shared data", we had a call to tagops-disconnectdst issued from...
The vulnerability of the tb_port_update_credits() function in the drivers/thunderbolt/switch.c module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the tbportupdatecredits function in the drivers/thunderbolt/switch.c module of the Linux kernel is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
UBUNTU-CVE-2022-49195
In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic on shutdown if multi-chip tree failed to probe DSA probing is atypical because a tree of devices must probe all at once, so out of N switches which call dsatreesetuproutingtable during probe, for N - 1 of them...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly release the cmdbuff in the dpaa2-switch driver when an error occurs in the...
CVE-2022-48814
In the Linux kernel, the following vulnerability has been resolved: net: dsa: seville: register the mdiobus under devres As explained in commits: 74b6d7d13307 "net: dsa: realtek: register the MDIO bus under devres" 5135e96a3dd2 "net: dsa: don't allocate the slavemiibus using devres" mdiobusfree...
CVE-2022-48815
In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcmsf2: don't use devres for mdiobus As explained in commits: 74b6d7d13307 "net: dsa: realtek: register the MDIO bus under devres" 5135e96a3dd2 "net: dsa: don't allocate the slavemiibus using devres" mdiobusfree will...
CVE-2022-48818
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: don't use devres for mdiobus As explained in commits: 74b6d7d13307 "net: dsa: realtek: register the MDIO bus under devres" 5135e96a3dd2 "net: dsa: don't allocate the slavemiibus using devres" mdiobusfree will...
CVE-2022-48813
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: don't use devres for mdiobus As explained in commits: 74b6d7d13307 "net: dsa: realtek: register the MDIO bus under devres" 5135e96a3dd2 "net: dsa: don't allocate the slavemiibus using devres" mdiobusfree will pan...