195 matches found
UBUNTU-CVE-2023-52616
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpiecinit When the mpiecctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this iss...
SUSE CVE-2023-52506
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node0 at initialization After commit 61167ad5fecdea "mm: pass nid to reservebootmemregion" we get a panic if DEFERREDSTRUCTPAGEINIT is enabled: 0.000000 CPU 0 Unable to handle kernel pagin...
PT-2024-14600 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.5.0 and earlier Description: The Linux kernel has a vulnerability that can cause a panic when DEFERRED STRUCT PAGE INIT is enabled. This occurs after a specific commit, where the node ID is set to MAX NUMNODES, resulti...
kernel: Kernel (iommufd): Information Disclosure via uninitialized memory padding
A flaw was found in the kernel. A local attacker could exploit this by triggering a missing zero initialization in the iommufd component when copying vfioiommutype1info to user space. This could lead to the disclosure of sensitive information from uninitialized memory padding...
PT-2023-35468 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.168 Description: The issue is related to the zero-initialization of the zlib workspace in btrfs. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...
Elfloader - An Architecture-Agnostic ELF File Flattener For Shellcode
elfloader is a super simple loader for ELF files that generates a flat in-memory representation of the ELF. Pair this with Rust and now you can write your shellcode in a proper, safe, high-level language. Any target that LLVM can target can be used, including custom target specifications for real...
Use of Uninitialized Resource in ms3d
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
samba: Netlogon elevation of privilege vulnerability (Zerologon)
A flaw was found in the Microsoft Windows Netlogon Remote Protocol MS-NRPC, where it reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obta...
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
RUSTSEC-2021-0014 Record::read : Custom `Read` on uninitialized buffer may cause UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Record::read Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized...
Record::read : Custom `Read` on uninitialized buffer may cause UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Record::read Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized...
Reading uninitialized memory can cause UB (`Deserializer::read_vec`)
Deserializer::readvec created an uninitialized buffer and passes it to a user-provided Read implementation Deserializer.reader.readexact. Passing an uninitialized buffer to an arbitrary Read implementation is currently defined as undefined behavior in Rust. Official documentation for the Read tra...
CVE-2017-3225
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...
Code injection
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...
BSA-2017-444
Security Advisory ID : BSA-2017-444 Component : DENX Das U-Boot Revision : 3.0: Final Das U-Boot is a devicebootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper...