21761 matches found
wifi: mac80211: fix NULL dereference at band check in starting tx ba session
...
ksmbd: fix Preauh_HashValue race condition
...
block: fix uaf for flush rq while iterating tags
...
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
...
mm: zswap: properly synchronize freeing resources during CPU hotunplug
...
drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
...
Usage of unsafe random function in form-data for choosing boundary
...
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
...
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
...
bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
...
Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init
...
In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
...
Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
...
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. *Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
...
wifi: virt_wifi: avoid reporting connection success with wrong SSID
...
scsi: hisi_sas: Create all dump files during debugfs initialization
...
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. This attack appears to be exploitable when an attacker is able to force the victim to print JSON data; depending on how the cJSON library is used, this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.
...
Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
...
usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
...
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
...
drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe
...
uprobe: avoid out-of-bounds memory access of fetching args
...
Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc
...
smb: prevent use-after-free due to open_cached_dir error paths
...
wifi: ath10k: avoid NULL pointer error during sdio remove
...
bnxt_en: Fix receive ring space parameters when XDP is active
...
An unlimited recursion in DxeCore in EDK II.
...
Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.
...
Mishandling of corrupt central directory record in archive/zip
...
Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init
...
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
...
atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.
...
net: batman-adv: fix error handling
...
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
...
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
...
HID: core: Harden s32ton() against conversion to 0 bits
...
RDMA/siw: Remove direct link to net_device
...
Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc
...
tpm: Lock TPM chip in tpm_pm_suspend() first
...
vfio/fsl-mc: Block calling interrupt handler without trigger
...
kunit/overflow: Fix UB in overflow_allocation_test
...
fsdax: Fix infinite loop in dax_iomap_rw()
...
vfio/pci: Disable auto-enable of exclusive INTx IRQ
...
Perl: write past buffer end via illegal user-defined unicode property
...
drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
...
vmci: Prevent the dispatching of uninitialized payloads
...
KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush
...
An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
...
ksmbd: validate payload size in ipc response
...
srcu: Tighten cleanup_srcu_struct() GP checks
...