59514 matches found
CVE-2022-50526
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork:...
CVE-2022-50525
In the Linux kernel, the following vulnerability has been resolved: iommu/fslpamu: Fix resource leak in fslpamuprobe The fslpamuprobe returns directly when createcsd failed, leaving irq and memories unreleased. Fix by jumping to error if createcsd returns error...
CVE-2022-50524
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Check return value after calling platformgetresource platformgetresource may return NULL pointer, we need check its return value to avoid null-ptr-deref in resourcesize...
CVE-2022-50523
In the Linux kernel, the following vulnerability has been resolved: clk: rockchip: Fix memory leak in rockchipclkregisterpll If clkregister fails, @pll-ratetable may have allocated memory by kmemdup, so it needs to be freed, otherwise will cause memory leak issue, this patch fixes it...
CVE-2022-50521
In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxmwmicallmxds|mx The ACPI buffer memory out.pointer returned by wmievaluatemethod is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so...
CVE-2022-50522
In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fix error handing in chameleonparsegdd If mcbdeviceregister returns error in chameleonparsegdd, the refcount of bus and device name are leaked. Fix this by calling putdevice to give up the reference, so they can b...
CVE-2022-50520
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeonatrmgetbios As comment of pcigetclass says, it returns a pcidevice with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we...
CVE-2022-50518
In the Linux kernel, the following vulnerability has been resolved: parisc: Fix locking in pdciodcprint firmware call Utilize pdclock spinlock to protect parallel modifications of the iodcdbuf buffer, check length to prevent buffer overflow of iodcdbuf, drop the iodcretbuf buffer and fix some wro...
CVE-2022-50519
In the Linux kernel, the following vulnerability has been resolved: nilfs2: replace WARNONs by nilfserror for checkpoint acquisition failure If creation or finalization of a checkpoint fails due to anomalies in the checkpoint metadata on disk, a kernel warning is generated. This patch replaces th...
CVE-2022-50517
In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: do not clobber swpentryt during THP split The following has been observed when running stressng mmap since commit b653db77350c "mm: Clear page-private when splitting or migrating a page" watchdog: BUG: soft lockup ...
CVE-2022-50516
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack and have sblvbptr field to a dangled pointer while not using DLMLKFVALBLK. It will crash with the following kernel message, the...
CVE-2022-50515
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in hpdrxirqcreateworkqueue If construction of the array of work queues to handle hpdrxirq offload work fails, we need to unwind. Destroy all the created workqueues and the allocated memory for the...
CVE-2022-50514
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix refcount leak on error path When failing to allocate reportdesc, opts-refcnt has already been incremented so it needs to be decremented to avoid leaving the options structure permanently locked...
CVE-2022-50513
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix a potential memory leak in rtwinitcmdpriv In rtwinitcmdpriv, if pcmdpriv-rspallocatedbuf is allocated in failure, then pcmdpriv-cmdallocatedbuf will be not properly released. Besides, considering there are...
CVE-2022-50511
In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for getdefaultfont Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds i...
CVE-2022-50512
In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential memory leak in ext4fcrecordregions As krealloc may return NULL, in this case 'state-fcregions' may not be freed by krealloc, but 'state-fcregions' already set NULL. Then will lead to 'state-fcregions' memory...
CVE-2022-50510
In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fix hotplug callback leak in armsmmupmuinit armsmmupmuinit won't remove the callback added by cpuhpsetupstatemulti when platformdriverregister failed. Remove the callback by cpuhpremovemultistate in fail path. Simila...
CVE-2022-50509
In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for kmalloc As the kmalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others...
CVE-2025-61772
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...
CVE-2025-61771
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
CVE-2025-61770
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...
CVE-2025-61774
PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit VTK. Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use--extra-index-url. But when --extra-index-url is used, pip always...
CVE-2025-61765
python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...
CVE-2025-59734
It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...
CVE-2025-59733
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decodeheader. The...
CVE-2025-59732
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at 0 and 1 will continue to write until the next multiple of 8. The buffer...
CVE-2025-59731
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...
CVE-2025-59730
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
CVE-2025-59729
When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...
CVE-2025-61224
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...
CVE-2025-61985
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
CVE-2025-61984
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
CVE-2025-11277
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit...
CVE-2025-11275
A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. Affected by this vulnerability is the function ODDLParser::getNextSeparator in the library assimp/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h. Such manipulation leads to heap-based buffer overflow. The...
CVE-2025-11274
A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack is restricted to local execution. The exploit has been...
CVE-2023-53616
In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFSIPipimap-iimap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free in slabfree mm/slub.c:3661 inline BUG: KASAN: double-free in kmemcachefree+0x71/0x110 mm/slub.c:3674 Free ...
CVE-2023-53615
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption. The cause of the link list corruption is due to session deletion was allowed to queue up twice. Here's the internal trac...
CVE-2023-53614
In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix race with VMA iteration and mmstruct teardown exitmmap will tear down the VMAs and maple tree with the mmaplock held in write mode. Ensure that the maple tree is still valid by checking ksmtestexit after taking the...
CVE-2023-53613
In the Linux kernel, the following vulnerability has been resolved: dax: Fix daxmappingrelease use after free A CONFIGDEBUGKOBJECTRELEASE test of removing a device-dax region provider like modprobe -r daxhmem yields: kobject: 'mapping0' ffff93eb460e8800: kobjectrelease, parent 0000000000000000...
CVE-2023-53612
In the Linux kernel, the following vulnerability has been resolved: hwmon: coretemp Simplify platform device handling Coretemp's platform driver is unconventional. All the real work is done globally by the initcall and CPU hotplug notifiers, while the "driver" effectively just wraps an allocation...
CVE-2023-53611
In the Linux kernel, the following vulnerability has been resolved: ipmisi: fix a memleak in trysmiinit Kmemleak reported the following leak info in trysmiinit: unreferenced object 0xffff00018ecf9400 size 1024: comm "modprobe", pid 2707763, jiffies 4300851415 age 773.308s backtrace:...
CVE-2023-53609
In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: core: Do not increase scsidevice's iorequestcnt if dispatch failed" The "atomicinc&cmd-device-iorequestcnt" in scsiqueuerq would cause kernel panic because cmd-device may be freed after returning from...
CVE-2023-53610
In the Linux kernel, the following vulnerability has been resolved: irqchip: Fix refcount leak in platformirqchipprobe ofirqfindparent returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcount leak...
CVE-2023-53608
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfsscinfo in nilfssegctorthread The finalization of nilfssegctorthread can race with nilfssegctorkillthread which terminates that thread, potentially causing a use-after-free BUG as KASAN...
CVE-2023-53607
In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fix BUGON in probe function The snddmabuffer.bytes field now contains the aligned size, which this sndBUGON did not account for, resulting in the following: 9.625915 ------------ cut here ------------ 9.633440...
CVE-2023-53605
In the Linux kernel, the following vulnerability has been resolved: drm: amd: display: Fix memory leakage This commit fixes memory leakage in dcconstructctx function...
CVE-2023-53606
In the Linux kernel, the following vulnerability has been resolved: nfsd: clean up potential nfsdfile refcount leaks in COPY codepath There are two different flavors of the nfsd4copy struct. One is embedded in the compound and is used directly in synchronous copies. The other is dynamically...
CVE-2023-53604
In the Linux kernel, the following vulnerability has been resolved: dm integrity: call kmemcachedestroy in dmintegrityinit error path Otherwise the journaliocache will leak if dmregistertarget fails...
CVE-2023-53603
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sactl is NULL and fcport is allocated after the exit call thus causing NULL fcport pointer to...
CVE-2023-53602
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leak in WMI firmware stats Memory allocated for firmware pdev, vdev and beacon statistics are not released during rmmod. Fix it by calling ath11kfwstatsfree function before hardware unregister. While at i...