4 matches found
CVE-2024-38587
CVE-2024-38587 is a Linux kernel vulnerability where the Speakup code used sizeof() on a buf that is actually an array of 256 u16 values. The correct check is to use ARRAY_SIZE(), which yields 256, instead of sizeof() which yielded 512, avoiding a potential out-of-bounds access. The connected Nes...
CVE-2024-46709
CVE-2024-46709 concerns the Linux kernel’s drm/vmwgfx code. The issue arises when handling external buffers during mapping, where code could access pages directly instead of using the dma_buf interface. The fixed behavior requires that external buffers created from dma_bufs be mapped via the dma_...
CVE-2024-38595
CVE-2024-38595 affects the Linux kernel mlx5 subsystem: a patch changing register devlink flow did not update the peer devlink set logic, triggering a call trace when peer devlink set is done after devl_register. The fix aligns peer devlink set logic with the register flow to prevent the trace. I...
CVE-2025-38441
CVE-2025-38441 affects the Linux kernel netfilter flowtable nf_flow_pppoe_proto() where the Ethernet header was not accounted for in PPPoE offload logic, leading to potential use of uninitialized data (KMSAN). The vulnerability is locally exploitable; CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/I:N/A:H with...