CVE-2021-46774

Insufficient DRAM address validation in System Management Unit SMU may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service...

kernel: out-of-bounds write in qfq_change_class function

An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control QoS subsystem in how a user triggers the qfqchangeclass function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on t...

kernel: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL

In the Linux kernel, the following vulnerability has been resolved: fortify: Fix compiletimestrlen under UBSANBOUNDSLOCAL With CONFIGFORTIFY=y and CONFIGUBSANLOCALBOUNDS=y enabled, we observe a runtime panic while running Android's Compatibility Test Suite's CTS android.hardware.input.cts.tests...

kernel: media: uvcvideo: Fix memory leak in uvc_gpio_parse

A memory leak was found in the UVC video driver's GPIO parsing code. When IRQ acquisition fails for a privacy GPIO, the previously allocated unit buffer is not freed, causing a memory leak...

AMD EPYC Security Vulnerability

AMD EPYC is an x86 architecture server microprocessor product line from AMD, known as "Xiao Long" in Chinese, utilizing the Zen microarchitecture. The AMD EPYC suffers from a security vulnerability that stems from insufficient validation of the DRAM address in the System Management Unit SMU, whic...

PT-2023-17453 · Suse · Suse

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient DRAM address validation in the System Management Unit SMU, which may allow an attacker to read or write from an...

PT-2023-12583 · Suse · Suse

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient DRAM address validation in the System Management Unit SMU, which may allow an attacker to read or write from an...

AMD EPYC Security Vulnerability

AMD EPYC is an x86 architecture server microprocessor product line from AMD, known as "Xiao Long" in Chinese, utilizing the Zen microarchitecture. The AMD EPYC suffers from a security vulnerability that stems from insufficient validation of the DRAM address in the System Management Unit SMU, whic...

Intel NUC Security Vulnerability

Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in Intel NUC. An attacker could exploit this vulnerability to cause elevation of privilege, denial of service, and information disclosure...

The vulnerability of the `scan_unit_for_symbols` function in the `dwarf2.c` component of the GNU Binutils development environment allows a hacker to trigger a service failure.

The vulnerability of the scanunitforsymbols function in the dwarf2.c component of the GNU Binutils development environment is related to pointer arithmetic errors. Exploiting this vulnerability allows an attacker who operates remotely to trigger a service failure using a specially created ELF fil...

mariadb: server crash in st_select_lex_unit::exclude_level

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component stselectlexunit::excludelevel...

CVE-2023-4272

A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory...

kernel: cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver

A reference leak flaw was found in the Linux kernel's AMD P-state unit test driver in the CPU policy access logic. A local user can trigger this issue by loading the amd-pstate-ut driver, which acquires CPU policy references via cpufreqcpuget without releasing them via cpufreqcpuput. This causes...

kernel: perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init()

A resource leak flaw was found in the ARM DMC-620 PMU driver. If platformdriverregister fails during module initialization, the CPU hotplug callback registered earlier is not removed, leaving a dangling callback...

kernel: media: uvcvideo: Fix memory leak in uvc_gpio_parse

A memory leak was found in the UVC video driver's GPIO parsing code. When IRQ acquisition fails for a privacy GPIO, the previously allocated unit buffer is not freed, causing a memory leak...

kernel: perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()

A resource-handling flaw was found in the Linux kernel performance monitoring driver for ARM System Memory Management Unit version 3 in the way hotplug callbacks are registered during driver initialization. If driver registration fails, previously added CPU hotplug callbacks are not removed,...

ARM Valhall GPU Kernel Driver and ARM Mali GPU Driver Resource Management Error Vulnerability

The ARM Valhall GPU Kernel Driver and ARM Mali GPU Driver are both products of ARM UK.The Valhall GPU Kernel Driver is a Valhall GPU kernel driver.The ARM Mali GPU Driver is a driver to support the Mali GPU. The ARM Mali GPU Driver is a driver to support Mali GPUs. A resource management error...

DEBIAN-CVE-2023-40661

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...

CVE-2023-45868

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

CVE-2023-45868

CVE-2023-45868 concerns the Learning Module in ILIAS 7.25 (2023-09-12 release). The vulnerability allows a high-impact Directory Traversal leading to confidentiality and availability loss. An attacker with basic user privileges can exploit the issue by manipulating a POST request during exercise ...