64 matches found
CVE-2024-39478 crypto: starfive - Do not free stack buffer
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...
CVE-2024-39478 crypto: starfive - Do not free stack buffer
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...
CVE-2024-39478
The CVE-2024-39478 vulnerability affects the Linux kernel crypto: starfive code path, where RSA text data uses a variable-length buffer allocated on the software stack. Calling kfree on that buffer can cause undefined behavior in subsequent operations, due to freeing a stack-allocated buffer. The...
CVE-2022-48696
In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...
CVE-2022-48696
In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...
CVE-2024-26851 netfilter: nf_conntrack_h323: Add protection for bmp length out of range
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: Add protection for bmp length out of range UBSAN load reports an exception of BRK5515 SHIFTISSUE:Bitwise shifts that are out of bounds for their data type. vmlinux getbitmapb=75 + 712 vmlinux...
CVE-2024-26851 netfilter: nf_conntrack_h323: Add protection for bmp length out of range
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: Add protection for bmp length out of range UBSAN load reports an exception of BRK5515 SHIFTISSUE:Bitwise shifts that are out of bounds for their data type. vmlinux getbitmapb=75 + 712 vmlinux...
The vulnerability of the rtw_get_tx_power_params() function of the UBSAN service (Undefined Behaviour Sanity Checker) in the Linux operating system allows a hacker to disclose protected information.
The vulnerability of the rtwgettxpowerparams function of the UBSAN service Undefined Behaviour Sanity Checker in Linux kernel is related to the occurrence of operations outside the buffer in memory due to inconsistencies in the channel group values. Exploitation of this vulnerability can allow an...
CVE-2021-47065
In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtwgettxpowerparams Using a kernel with the Undefined Behaviour Sanity Checker UBSAN enabled, the following array overrun is logged:...
DEBIAN-CVE-2021-47065
In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtwgettxpowerparams Using a kernel with the Undefined Behaviour Sanity Checker UBSAN enabled, the following array overrun is logged:...
RUSTSEC-2024-0017 Non-idiomatic use of iterators leads to use after free
Code that attempts to use an item e.g., a row returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. Code that uses the item and then advances the iterator is unaffected. This problem has always existed. This is ...
EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2023-2149)
According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to...
kernel: rtw89: cfo: check mac_id to avoid out-of-bounds
In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check macid to avoid out-of-bounds Somehow, hardware reports incorrect macid and pollute memory. Check index before we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23 index 188 is out of rang...
GHSA-2QV5-7MW5-J3CG spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Once::trycallonce is unsound if invoked more than once concurrently and any call fails to initialise successfully...
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Once::trycallonce is unsound if invoked more than once concurrently and any call fails to initialise successfully...
Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Once::trycallonce is unsound if invoked more than once concurrently and any call fails to initialise successfully...
Invalid Downcast
firefox is vulnerable to Invalid Downcast. The vulnerability exists because the invalid downcast from nsTextNode to SVGElement leads to undefined behaviour...
Invalid Downcast
firefox is vulnerable to Invalid Downcast. The vulnerability exists because the invalid downcast from nsTextNode to nsIContent leads to undefined behaviour...
freerdp -- multiple vulnerabilities
FreeRDP reports: GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder. GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder. GHSA-387j-8j96-7q35: Division by zero in urbdrc channel. GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel. GHSA-qfq2-82qr-7f4j: Heap buffer overflow i...
SUSE SLED12: ImageMagick / ImageMagick-config-6-SUSE / etc (SUSE-SU-2022:3138-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3138-1 advisory. - CVE-2021-20224: Fixed an integer overflow that could be triggered via a crafted file bsc1202800. Tenable has extracte...