DEBIAN-CVE-2023-52874

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Zero out the missing RSI in TDXHYPERCALL macro In the TDXHYPERCALL asm, after the TDCALL instruction returns from the untrusted VMM, the registers that the TDX guest shares to the VMM need to be cleared to avoid...

DEBIAN-CVE-2024-26638

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...

UBUNTU-CVE-2024-26638

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...

UBUNTU-CVE-2023-52436

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed...

CVE-2023-36980

An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold...

PT-2023-25761 · Unknown · Ethereum Blockchain

Name of the Vulnerable Software and Affected Versions: Ethereum Blockchain version 0.1.1+commit.6ff4cd6 Description: An issue in the Ethereum Blockchain causes the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold. Recommendations: For Ethereum Blockchain...

Kodi Home Theater Software 数字错误漏洞

Kodi Home Theater Software is an award-winning free and open source GPL software media player and digital media entertainment center from the individual developer Peter Frühberger. A security vulnerability exists in Kodi Home Theater Software version 19.5 and earlier, which stems from a de-zeroin...

CVE-2021-26354

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity...

PT-2023-12088 · Microsoft · Asp

Name of the Vulnerable Software and Affected Versions: ASP affected versions not specified Description: Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL, which may cause arbitrary memory values to be initialized to zero, potentially leading t...

kernel: x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix copyxstatetouabi to copy init states correctly When an extended state component is not present in fpstate, but in init state, the function copies from initfpstate via copyfeature. But, dynamic states are not present ...

SUSE CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...

SUSE CVE-2022-26365

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

SUSE CVE-2022-33741

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

SUSE CVE-2022-33740

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

PT-2025-54163

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel where the zero page can be corrupted when using dm-flakey with corrupt bio writes enabled. This corruption occurs because the blkdev issue zero pages...

PT-2024-11820 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the igb driver, where a mailbox message for VF reset is not properly initialized when a MAC address is no...

PT-2022-35183 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.2 Description: The issue is related to the scsi: stex component, where the passthrough command structure is not properly zeroed out. This is an automated ID intended to aid in discovery of potential securit...

PT-2022-35411 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.74 Description: The issue is related to the scsi: stex component, where the passthrough command structure is not properly zeroed out. The actual impact and attack plausibility have not yet been proven...

GSD-2022-1005254 kasan: fix zeroing vmalloc memory with HW_TAGS

kasan: fix zeroing vmalloc memory with HWTAGS This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...

Important: kernel

Issue Overview: Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend...