4 matches found
CVE-2024-36477
In the Linux kernel, the following vulnerability has been resolved: tpmtisspi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAXSPIFRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account...
CVE-2024-36477 tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
In the Linux kernel, the following vulnerability has been resolved: tpmtisspi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAXSPIFRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account...
lack of an ownership transfer mechanism
Lines of code Vulnerability details Issue: The code does not have a mechanism to transfer ownership of the contract. In the current implementation, once deployed, the contract owner's address cannot be changed. This can be problematic for contract maintenance and security, as it restricts the...
Loss of tokens due to wrong burn function
Lines of code Vulnerability details Impact redeemToUnderlying is also affected by the issue I reported earlier which is described below. The redeem function calls burn which is inherited from IERC777Upgradeable contract whose action is to burn ERC20 tokens, thus there is no transfer or withdrawal...