CVE-2024-38552

The CVE-2024-38552 issue affects the Linux kernel DRM/AMD display path, specifically the color transformation function. A potential index out-of-bounds can occur when i exceeds TRANSFER_FUNC_POINTS, risking buffer overflow in output_tf->tf_pts.red/green/blue. The fix adds a bounds check for i,...

SUSE CVE-2024-35984

In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by...

AZL-42213 CVE-2024-35984 affecting package kernel for versions less than 5.15.158.1-1

In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by...

UBUNTU-CVE-2024-35984

In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by...

CVE-2024-35984 i2c: smbus: fix NULL function pointer dereference

In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by...

CVE-2024-35984 i2c: smbus: fix NULL function pointer dereference

In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by...

DEBIAN-CVE-2024-27044

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10setoutputtransferfunc' The 'stream' pointer is used in dcn10setoutputtransferfunc before the check if 'stream' is NULL. Fixes the below:...

UBUNTU-CVE-2024-27044

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10setoutputtransferfunc' The 'stream' pointer is used in dcn10setoutputtransferfunc before the check if 'stream' is NULL. Fixes the below:...

Unsafe use of transfer()/transferFrom() with IERC20

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's transfer and transferFrom functions on L1 do not return booleans as the specification...

Contracts are vulnerable to fee-on-transfer accounting-related issues

Lines of code 359, 448, 509, 530, 42, 797, 162 Vulnerability details Impact The functions below transfer funds from the caller to the receiver via transferFrom, but do not ensure that the actual number of tokens received is the same as the input amount to the transfer. If the token is a...

share update function in OmniToken.sol has accounting issue in transfer

Lines of code Vulnerability details Impact Transfer share function in OmniToken.sol can be abused Proof of Concept there is a function, transfer in OmniToken.sol function transferuint96 subId, bytes32 to, uint8 trancheId, uint256 shares external nonReentrant returns bool requiretrancheId...

Upgraded Q -> 2 from #48 [1686129354989]

Judge has assessed an item in Issue 48 as 2 risk. The relevant finding follows: CALLING transfer FUNCTION TO SEND ETH CAN REVERT --- The text was updated successfully, but these errors were encountered: All reactions...

buy() method of Tray.sol may exceed Block Limit

Lines of code Vulnerability details Impact DOS in buy method. Proof of Concept File: Tray.sol function buyuint256 amount external uint256 startingTrayId = nextTokenId; if prelaunchMinted == typeuint256.max // Still in prelaunch phase if msg.sender != owner revert OnlyOwnerCanMintPreLaunch; if...

Faulty fee handling in buyAndReduceDebt

Lines of code Vulnerability details Impact When passing fee params to buyAndReduceDebt with swapFeeTo and swapFeeBips, the PaprController will try to send the underlying token on the following line: underlying.transferparams.swapFeeTo, amountIn params.swapFeeBips / BIPSONE; But in a normal state,...

transfer is used on address payable

Lines of code Vulnerability details Proof of Concept The codebase makes heavy use of the deprecated transfer function of address payable. Its will inevitably make the transaction fail when: 1. The receiver smart contract does not implement a payable function. 2. The receiver smart contract does...

The Ether for an LPDA mint sale can be locked in the LPDA contract indefinitely

Lines of code Vulnerability details Impact After a mint sale using LPDA, all the Ether can be locked in the LPDA contract indefinitely. Proof of Concept In the src/minters/ contracts, the .transfer function is used for sending Ether. It is used for sending fees to the feeReceiver, and in the...

Royalties cannot be collected for many ERC20 tokens (USDT, BNB and many more) due to use of transfer function.

Lines of code Vulnerability details Description ERC20 royalties are paid using payoutTokens and payoutToken functions in PA1D.sol. Unfortunately these functions use ERC20's transfer instead of implementing safeTransfer: for uint256 i = 0; i length; i++ sending = bpsi balance / 10000;...

TokenHelper.sol#L40 : safeTransfer will revert due to insufficient gas.

Lines of code Vulnerability details Impact I am adding as high issue since most of the calling is done using the safeTransfer TokenHelper.solL40 : safeTransfer will revert due to insufficient gas. All the fuctions that are using the safeTransfer could fail due to insufficient gas. I see the...

Upgraded Q -> M from 921 [1666361310869]

Judge has assessed an item in Issue 921 as Medium risk. The relevant finding follows: 1. Should use call instead of transfer Line References GolomTrader.solL154 Impact The payableaddress.transfer function has a limit of 2300 gas source. If the receiver has a fallback/receive function that require...

Upgraded Q -> M from 437 [1666362126304]

Judge has assessed an item in Issue 437 as Medium risk. The relevant finding follows: Use safetransferfrom instead of transferfrom for ERC721. According to OpenZeppelin's documentation, transferFrom is discouraged and use safeTransferFrom instead. --- The text was updated successfully, but these...