19 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: uacce: fixed the isolate/sysfs check condition. uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will now create sysfs...
CVE-2025-8860
CVE-2025-8860 affects QEMU by a flaw in the uefi-vars device: after writing to UEFI_VARS_REG_BUFFER_SIZE, a heap buffer is allocated without zeroing, leaving residual data that can be read later from UEFI_VARS_REG_PIO_BUFFER_TRANSFER, causing information disclosure. Oracle Linux advisories ELSA-2...
CVE-2025-8860 Qemu-kvm: uefi-vars: information disclosure vulnerability in uefi_vars_write callback
A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...
SUSE CVE-2026-23094
In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will create sysfs files now. Users...
CVE-2026-23094
In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will create sysfs files now. Users...
CVE-2026-23094
CVE-2026-23094 : In the Linux kernel, the uacce subsystem’s device isolation feature creates sysfs files when either isolate_err_threshold_read or isolate_err_threshold_write callbacks exist. The issue was that accessing a non-existent callback could crash the system. The resolution implements a ...
EUVD-2026-5448
In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will create sysfs files now. Users...
CVE-2026-23094 uacce: fix isolate sysfs check condition
In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will create sysfs files now. Users...
CVE-2026-23094 uacce: fix isolate sysfs check condition
In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will create sysfs files now. Users...
CVE-2026-22026
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the libcurl writecallback function in the KMC...
PT-2026-2134
Name of the Vulnerable Software and Affected Versions CryptoLib versions prior to 1.4.3 Description CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP for secure communication between a spacecraft and a ground station. The write...
PT-2025-35349
Name of the Vulnerable Software and Affected Versions qemu affected versions not specified Description The vulnerability involves an information disclosure issue in QEMU. A heap buffer is allocated without being zeroed, potentially exposing residual data from prior allocations. This data can be...
The vulnerability of the curl_write_cb() function in the universal monitoring system Zabbix allows a attacker to trigger a Denial-of-Service Attack (DoS).
The vulnerability of the curlwritecb function in the universal monitoring system Zabbix is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to trigger a Denial-of-Service attack...
CVE-2024-42328
When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...
UBUNTU-CVE-2024-42328
When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...
PT-2024-40824 · Flac · Flac
Name of the Vulnerable Software and Affected Versions: FLAC affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the FLAC replaygain synthesis apply gain function, which is called from the write callback and...
PT-2023-35726 · Git +1 · Flac
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...
Null pointer dereference
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference...
curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback
contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...