Yocto@4.0 Security Vulnerabilities and Issues — Yocto@4.0 CVE List

Lucene search

LinuxfoundationYocto4.0

12 matches found

CVE•added 2024/04/01 3:15 a.m.•92 views

CVE-2024-20040

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530...

8.8CVSS7.3AI score0.00888EPSS

CVE•added 2024/05/06 3:15 a.m.•89 views

CVE-2023-32871

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.

5.3CVSS7AI score0.00004EPSS

CVE•added 2024/04/01 3:15 a.m.•71 views

CVE-2024-20055

In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.

6.3CVSS6AI score0.00024EPSS

CVE•added 2024/07/01 5:15 a.m.•63 views

CVE-2024-20081

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412.

9.8CVSS7.2AI score0.00049EPSS

CVE•added 2024/11/04 2:15 a.m.•57 views

CVE-2024-20104

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772.

8.4CVSS7.2AI score0.00011EPSS

CVE•added 2024/07/01 5:15 a.m.•50 views

CVE-2024-20080

In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.

9.8CVSS7.5AI score0.00149EPSS

CVE•added 2024/09/02 5:15 a.m.•43 views

CVE-2024-20085

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.

4.4CVSS6.2AI score0.00012EPSS

CVE•added 2024/10/07 3:15 a.m.•40 views

CVE-2024-20099

In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625.

6.7CVSS7.2AI score0.0001EPSS

CVE•added 2024/09/02 5:15 a.m.•39 views

CVE-2024-20084

4.4CVSS6.2AI score0.00012EPSS

CVE•added 2024/09/02 5:15 a.m.•38 views

CVE-2024-20089

In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.

7.5CVSS7AI score0.00223EPSS

CVE•added 2024/10/07 3:15 a.m.•37 views

CVE-2024-20098

6.7CVSS7.2AI score0.0001EPSS

CVE•added 2024/11/04 2:15 a.m.•36 views

CVE-2024-20107

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823.

6.2CVSS6.2AI score0.00005EPSS