51 matches found
kernel: nbd: always initialize struct msghdr completely
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...
kernel: nbd: always initialize struct msghdr completely
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...
kernel: Reserved fields in guest message responses may not be zero initialized
A flaw was found in some AMD CPUs where the guest message responses have not been zero-initialized. This issue may allow a local attacker with the ability to run arbitrary code on a container or virtual machine to discover sensitive information contained in the host system's memory...
DEBIAN-CVE-2024-42283
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...
AZL-47799 CVE-2024-42283 affecting package kernel for versions less than 6.6.47.1-1
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...
CVE-2024-42283 net: nexthop: Initialize all fields in dumped nexthops
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...
CVE-2021-47482
In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadvncmeshfree. The problem was in wrong error handling in batadvmeshinit. Before this patch batadvmeshinit was calling batadvmeshfree in case of any...
UBUNTU-CVE-2021-47482
In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadvncmeshfree. The problem was in wrong error handling in batadvmeshinit. Before this patch batadvmeshinit was calling batadvmeshfree in case of any...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that it will clean up uninitialized fields...
The vulnerability of the __sock_xmit() function in the drivers/block/nbd.c module of the Linux kernel’s nbd driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the sockxmit function in the drivers/block/nbd.c module of the Linux kernel’s nbd driver is related to the use of uninitialized fields in the struct msghdr structure. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from uninitialized fields...
DEBIAN-CVE-2023-52616
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpiecinit When the mpiecctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this iss...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-2717)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-2675)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GNU Binutils Denial of Service Vulnerability (CNVD-2025-21054)
GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to deal with target files e.g., executables, libraries, etc., covering compilation, linking, debugging, and other phases of the function. A denial of service vulnerability exists in GNU Binutils, which arises from...
GNU Binutils 安全漏洞
GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to deal with target files e.g., executables, libraries, etc., covering compilation, linking, debugging, and other phases of the function. A denial of service vulnerability exists in GNU Binutils, which arises from...
SUSE CVE-2017-13715
The skbflowdissect function in net/core/flowdissector.c in the Linux kernel before 4.3 does not ensure that nproto, ipproto, and thoff are initialized, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a single crafted MPLS packet...
SUSE CVE-2019-16714
In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized...
CVE-2021-41253
Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in zycore in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis...
PT-2021-23217 · Zydis · Zydis
Name of the Vulnerable Software and Affected Versions: Zydis versions v3.2.0 and older Description: Zydis is an x86/x86-64 disassembler library. Users that use the string functions provided in zycore to append untrusted user data to the formatter buffer within their custom formatter hooks can run...