CVE-2024-39482

CVE-2024-39482 relates to the Linux kernel bug in bcache: it abused a fixed-length array in btree_iter when used with dynamically-sized iterators, triggering UBSAN. The fix introduces a flexible array member in btree_iter and a separate btree_iter_stack that embeds a btree_iter plus a data array,...

CVE-2024-39482 bcache: fix variable length array abuse in btree_iter

In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btreeiter btreeiter is used in two ways: either allocated on the stack with a fixed size MAXBSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the...

CVE-2024-39478 crypto: starfive - Do not free stack buffer

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from allowing the use of variable-length buffers...

SUSE CVE-2024-38623

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfssetlabel error: builtinmemcpy 'uni-name' too small 20 vs 256...

CVE-2024-38623

A vulnerability was found in the Linux kernel's NTFS3 filesystem module. This issue has been resolved by switching from a fixed-size array to a variable-length array. This change mitigates the risk of buffer overflows that could potentially be exploited by attackers. Mitigation Mitigation for thi...

DEBIAN-CVE-2024-38623

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfssetlabel error: builtinmemcpy 'uni-name' too small 20 vs 256...

CVE-2024-38623

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfssetlabel error: builtinmemcpy 'uni-name' too small 20 vs 256...

CVE-2024-38623

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfssetlabel error: builtinmemcpy 'uni-name' too small 20 vs 256...

UBUNTU-CVE-2024-38623

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfssetlabel error: builtinmemcpy 'uni-name' too small 20 vs 256...

CVE-2024-38623 fs/ntfs3: Use variable length array instead of fixed size

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfssetlabel error: builtinmemcpy 'uni-name' too small 20 vs 256...

CVE-2024-38623 fs/ntfs3: Use variable length array instead of fixed size

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfssetlabel error: builtinmemcpy 'uni-name' too small 20 vs 256...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fs/ntfs3 module not using variable-length arrays instead of fixed sizes...

[SECURITY] Fedora 40 Update: rust-leb128-0.2.5-9.fc40

Read and write DWARF's "Little Endian Base 128" LEB128 variable length integer encoding...

PT-2024-2951 · Gtkwave · Gtkwave

Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: The issue is related to an improper array index validation vulnerability in the EVCD var len parsing functionality. This can lead to arbitrary code execution when a victim opens a specially crafted .evcd...

SUSE CVE-2023-4039

DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...

[term-fix] Mitigation Error

Lines of code Vulnerability details Note - The term refactoring has been made for the following reason: Our main KIBT is intended to be backed by 1-year treasury bill tokens, however, a bond issued on 1 Jan 2023 does not have the same amount of seconds compared to a 1-year treasury bill issued on...

SUSE CVE-2021-3527

A flaw was found in the USB redirector device usb-redir of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array VLA on the stack...

RHEL 9 : openssl (RHSA-2022:7288)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7288 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full strength...

openssl security update

An update is available for openssl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transpo...