755 matches found

OSV
added 2024/05/19 11:15 a.m. · 2 views

UBUNTU-CVE-2024-35940

In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the psz_kmsg_read kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity...

CVSS 5.5 · AI score 6.2 · EPSS 0.00019
Exploits 0 · References 21
NVD
added 2024/05/17 2:15 p.m. · 15 views

CVE-2023-52663

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe Driver uses kasprintf to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree is never called to deallocate the memory, which results in a memory leak. Fix the issue ...

CVSS 5.5 · AI score 7.3 · EPSS 0.00018
Exploits 0 · References 4
Github Security Blog
added 2024/05/13 2:57 p.m. · 18 views

Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process

Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e. for 5 minutes after t...

CVSS 7.3 · AI score 6.6 · EPSS 0.00225
Exploits 1 · References 5 · Affected Software 1
OSV
added 2024/05/13 2:57 p.m. · 14 views

GHSA-93X3-M7PW-PPQM Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process

Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e. for 5 minutes after t...

CVSS 7.3 · AI score 7.2 · EPSS 0.00225
Exploits 1 · References 5
SUSE CVE
added 2024/05/03 2:09 a.m. · 4 views

SUSE CVE-2024-26978

In the Linux kernel, the following vulnerability has been resolved: serial: max310x: fix NULL pointer dereference in I2C instantiation When trying to instantiate a max14830 device from userspace: echo max14830 0x60 > /sys/bus/i2c/devices/i2c-2/new_device we get the following error: Unable to handle...

CVSS 5.5 · AI score 6.2 · EPSS 0.00014
Exploits 0 · References 10
Debian CVE
added 2024/05/01 5:20 a.m. · 15 views

CVE-2024-26978

In the Linux kernel, the following vulnerability has been resolved: serial: max310x: fix NULL pointer dereference in I2C instantiation When trying to instantiate a max14830 device from userspace: echo max14830 0x60 > /sys/bus/i2c/devices/i2c-2/new_device we get the following error: Unable to handle...

CVSS 5.5 · AI score 7.5 · EPSS 0.00014
Exploits 0
RedhatCVE
added 2024/04/17 7:54 p.m. · 32 views

CVE-2024-26908

REJECTED CVE In the Linux kernel, the following vulnerability has been resolved: x86/xen: Add some null pointer checking to smp.c The Linux kernel CVE team has assigned CVE-2024-26908 to this issue...

CVSS 5.5 · AI score 7
Exploits 0 · References 4
UbuntuCve
added 2024/04/17 11:15 a.m. · 23 views

CVE-2024-26908

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6.6
Exploits 0 · References 10
NVD
added 2024/04/09 4:15 a.m. · 8 views

CVE-2024-30681

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability...

AI score 6.4
Exploits 0
RedhatCVE
added 2024/04/04 1:26 a.m. · 26 views

CVE-2024-26770

A vulnerability was found in the Linux kernel during LED initialization in the devm_kasprintf function, which returns a pointer to dynamically allocated memory. This pointer could return NULL if the function fails, which could result in crashes or undefined behavior...

CVSS 4.4 · AI score 6.2 · EPSS 0.00053
Exploits 0 · References 4
CVE
added 2024/04/03 5:00 p.m. · 100 views

CVE-2024-26770

CVE-2024-26770 concerns the Linux kernel HID for the Nvidia Shield: a missing null-pointer check in LED initialization (led init path) could dereference NULL after devm_kasprintf() returns NULL. The issue arises during LED initialization within the Nvidia Shield HID handling; the CVSSv3.1 vector ...

CVSS 5.5 · AI score 6.5 · EPSS 0.00053
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/04/02 12:00 a.m. · 3 views

PT-2024-21444 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the dpu encoder helper phys cleanup function, which had assumed that hw pp will always be valid. However,...

CVSS 8 · AI score 6.5 · EPSS 0.00346
Exploits 10 · References 1542
Debian CVE
added 2024/03/27 9:52 p.m. · 28 views

CVE-2024-0075

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information...

CVSS 6.1 · AI score 6 · EPSS 0.00053
Exploits 0
OSV
added 2024/03/21 3:16 p.m. · 1 views

CVE-2024-2464

This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This issue affects CDeX application versions through 5.7.1...

CVSS 6.3 · AI score 5.8 · EPSS 0.00212
Exploits 0 · References 3
CNVD
added 2024/03/18 12:00 a.m. · 17 views

Delinea PAM Secret Server User Enumeration Vulnerability

Delinea PAM Secret Server is a key service manager from Delinea. A user enumeration vulnerability exists in Delinea PAM Secret Server version 11.4, which stems from a significant difference between valid and invalid login attempts, and can be exploited by a remote attacker to determine whether a...

CVSS 5.3 · AI score 6.8 · EPSS 0.00365
Exploits 0 · References 1
BDU FSTEC
added 2024/03/11 12:00 a.m. · 2 views

The vulnerability of the `restore_fpregs_from_user()` function in the `arch/x86/kernel/fpu/signal.c` file of the Linux operating system’s FPU driver allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the restore_fpregs_from_user function in the arch/x86/kernel/fpu/signal.c file of the Linux operating system’s FPU driver is related to insufficient control over the validity of user data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

CVSS 5.5 · AI score 6.5 · EPSS 0.00006
Exploits 0 · References 36 · Affected Software 5
Cvelist
added 2024/03/06 6:45 a.m. · 29 views

CVE-2023-52607 powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity...

AI score 7.6 · EPSS 0.00017
Exploits 0 · References 8
OSV
added 2024/03/02 9:52 p.m. · 8 views

CVE-2023-52512 pinctrl: nuvoton: wpcm450: fix out of bounds write

In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: wpcm450: fix out of bounds write Write into 'pctrl->gpio_bank' happens before the check for GPIO index validity, so out of bounds write may happen. Found by Linux Verification Center linuxtesting.org with SVACE...

CVSS 5.5 · AI score 5.1 · EPSS 0.00018
Exploits 0 · References 6
NVD
added 2024/01/19 11:15 p.m. · 10 views

CVE-2024-23332

The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions o...

CVSS 6.8 · AI score 5.1 · EPSS 0.00036
Exploits 0 · References 2
Prion
added 2024/01/19 11:15 p.m. · 14 views

Design/Logic Flaw

The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions o...

CVSS 5.4 · AI score 7.1 · EPSS 0.00036
Exploits 0 · References 2