VYPR

Vendor CVEs

Linux

All CVEs

15,975 total · sorted by risk
  • CVE-2024-53062HigNov 19, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: media: mgb4: protect driver against spectre Frequency range is set from sysfs via frequency_range_store(), being vulnerable to spectre, as reported by smatch: drivers/media/pci/mgb4/mgb4_cmt.c:231…

  • CVE-2024-50301HigNov 19, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uid_eq…

  • CVE-2024-50286HigNov 19, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while…

  • CVE-2024-50279HigNov 19, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes…

  • CVE-2024-50278HigNov 19, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This happens because…

  • CVE-2024-50275HigNov 19, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set…

  • CVE-2024-50268HigNov 19, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() The "*cmd" variable can be controlled by the user via debugfs. That means "new_cam" can be as high as 255 while the size of the…

  • CVE-2024-50250HigNov 9, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks The code that copies data from srcmap to iomap in dax_unshare_iter is very very broken, which bfoster's recent fsx changes have exposed. If the pos and len…

  • CVE-2024-50247HigNov 9, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and a index out of bounds will occur in s_max_off.

  • CVE-2024-50234HigNov 9, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: Clear stale interrupts before resuming device iwl4965 fails upon resume from hibernation on my laptop. The reason seems to be a stale interrupt which isn't being cleared out before interrupts…

  • CVE-2024-50227HigNov 9, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan() KASAN reported following issue: BUG: KASAN: stack-out-of-bounds in tb_retimer_scan+0xffe/0x1550 [thunderbolt] Read of size 4 at…

  • CVE-2024-50193HigNov 8, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: x86/entry_32: Clear CPU buffers after register restore in NMI return CPU buffers are currently cleared after call to exc_nmi, but before register state is restored. This may be okay for MDS mitigation but not…

  • CVE-2024-50164HigNov 7, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning Lonial reported an issue in the BPF verifier where check_mem_size_reg() has the following code: if (!tnum_is_const(reg->var_off)) /* For unprivileged…

  • CVE-2024-50154HigNov 7, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to …

  • CVE-2024-50128HigNov 5, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. Exactly same bug cause as…

  • CVE-2024-50123HigNov 5, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE invocation for sockmap…

  • CVE-2024-50115HigNov 5, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't…

  • CVE-2024-50106HigNov 5, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has…

  • CVE-2024-50086HigOct 29, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add session_lock when setting…

  • CVE-2024-50061HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And…

  • CVE-2024-50059HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition In the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev function, then…

  • CVE-2024-50042HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ice: Fix increasing MSI-X on VF Increasing MSI-X value on a VF leads to invalid memory operations. This is caused by not reallocating some arrays. Reproducer: modprobe ice echo 0 >…

  • CVE-2024-50036HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: do not delay dst_entries_add() in dst_release() dst_entries_add() uses per-cpu data that might be freed at netns dismantle from ip6_route_net_exit() calling dst_entries_destroy() Before…

  • CVE-2024-50035HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is called with an empty skb. …

  • CVE-2024-50033HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the size of the packet was at…

  • CVE-2022-49032HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr…

  • CVE-2022-49031HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by…

  • CVE-2022-49001HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: riscv: fix race when vmap stack overflow Currently, when detecting vmap stack overflow, riscv firstly switches to the so called shadow stack, then use this shadow stack to call the get_overflow_stack() to get…

  • CVE-2022-48999HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference Gwangun Jung reported a slab-out-of-bounds access in fib_nh_match: fib_nh_match+0xf98/0x1130…

  • CVE-2022-48988HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. As a cgroup interface file can't…

  • CVE-2022-48967HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at…

  • CVE-2022-48966HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs…

  • CVE-2024-49981HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venus_remove due to race condition in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle error. The code use core->sys_err_done to…

  • CVE-2024-49928HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid reading out of bounds when loading TX power FW elements Because the loop-expression will do one more time before getting false from cond-expression, the original code copied one more entry…

  • CVE-2024-49903HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uaf in dbFreeBits [syzbot reported] ================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG:…

  • CVE-2024-49900HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of new_ea in ea_buffer syzbot reports that lzo1x_1_do_compress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in…

  • CVE-2024-49874HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition In the svc_i3c_master_probe function, &master->hj_work is bound with svc_i3c_master_hj_work, &master->ibi_work…

  • CVE-2024-49862HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: Fix off by one in get_rpi() The rp->priv->rpi array is either rpi_msr or rpi_tpmi which have NR_RAPL_PRIMITIVES number of elements. Thus the > needs to be >= to prevent an off by one…

  • CVE-2024-49861HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map (like in case of .rodata), it was still possible to write into it from a BPF program side through…

  • CVE-2024-49860HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.

  • CVE-2024-49855HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free…

  • CVE-2024-47757HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory…

  • CVE-2024-47747HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once…

  • CVE-2024-47741HigOct 21, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race setting file private on concurrent lseek using same fd When doing concurrent lseek(2) system calls against the same file descriptor, using multiple threads belonging to the same process, we…

  • CVE-2024-47723HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds.…

  • CVE-2024-47721HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading The handler of firmware C2H event RTW89_MAC_C2H_FUNC_READ_WOW_CAM isn't implemented, but driver expects…

  • CVE-2024-47686HigOct 21, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() The psc->div[] array has psc->num_div elements. These values come from when we call clk_hw_register_div(). It's adc_divisors and…

  • CVE-2024-46865HigSep 27, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized.

  • CVE-2024-46858HigSep 27, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action …

  • CVE-2024-46854HigSep 27, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is…

Page 53 of 320