CVE-2024-58016

In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handlepolicyupdate, triggering a warning in kmalloc. Check the size specified for write buffers...

CVE-2024-58016

CVE-2024-58016 (Linux kernel) fixes a safesetid vulnerability where syzbot could cause a kmalloc warning by writing an oversized buffer to a sysfs entry; the vulnerability arises from insufficient validation of write buffer sizes in handle_policy_update() and policy writes. The fix is to validate...

CVE-2024-58016 safesetid: check size of policy writes

In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handlepolicyupdate, triggering a warning in kmalloc. Check the size specified for write buffers...

SUSE CVE-2024-12254

Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...

FreeBSD 安全漏洞

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD, which stems from the ctlwritebuffer and ctlreadbuffer functions allocating memory for return to user space without initializing it...

DEBIAN-CVE-2022-48885

In the Linux kernel, the following vulnerability has been resolved: ice: Fix potential memory leak in icegnssttywrite The icegnssttywrite return directly if the writebuf alloc failed, leaking the cmdbuf. Fix by free cmdbuf if writebuf alloc failed...

Debian dsa-5653 : gtkwave - security update

The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5653 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5653...

DEBIAN-CVE-2024-26622

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyowritecontrol Since tomoyowritecontrol updates head-writebuf when write of long lines is requested, we need to fetch head-writebuf after head-iosem is held. Otherwise, concurrent write requests c...

UBUNTU-CVE-2024-26622

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyowritecontrol Since tomoyowritecontrol updates head-writebuf when write of long lines is requested, we need to fetch head-writebuf after head-iosem is held. Otherwise, concurrent write requests c...

Vim 缓冲区错误漏洞

Vim is a cross-platform text editor. vim suffers from a buffer overflow vulnerability that results from undefined behavior in the diffwritebuffer function. An attacker could exploit this vulnerability to cause a buffer overflow...

UBUNTU-CVE-2021-42327

dplinksettingswrite in drivers/gpu/drm/amd/display/amdgpudm/amdgpudmdebugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parsewritebufferintoparam...

SUSE: Security Advisory (SUSE-SU-2013:0850-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:2498-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PYSEC-2020-289

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one...

UBUNTU-CVE-2018-14642

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests...

openSUSE: Security Advisory for clamav (openSUSE-SU-2018:0825-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Vulnerability in OpenSSL - Multiblock corrupted pointer

Multiblock corrupted pointer. OpenSSL 1.0.2 introduced the “multiblock” performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of “multiblock” can cause OpenSSL’s internal write buffer to become...

Ubuntu 5.04 / 5.10 : linux-source-2.6.10, linux-source-2.6.12 vulnerabilities (USN-281-1)

The sysmbind function did not properly verify the validity of the 'maxnod' argument. A local user could exploit this to trigger a buffer overflow, which caused a kernel crash. CVE-2006-0557 The SELinux module did not correctly handle the tracer SID when a process was already being traced. A local...