Total
7417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-53162 | 1 Linux | 1 Linux Kernel | 2025-03-06 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read. | |||||
| CVE-2024-56555 | 1 Linux | 1 Linux Kernel | 2025-03-06 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: binder: fix OOB in binder_add_freeze_work() In binder_add_freeze_work() we iterate over the proc->nodes with the proc->inner_lock held. However, this lock is temporarily dropped to acquire the node->lock first (lock nesting order). This can race with binder_deferred_release() which removes the nodes from the proc->nodes rbtree and adds them into binder_dead_nodes list. This leads to a broken iteration in binder_add_freeze_work() as rb_next() will use data from binder_dead_nodes, triggering an out-of-bounds access: ================================================================== BUG: KASAN: global-out-of-bounds in rb_next+0xfc/0x124 Read of size 8 at addr ffffcb84285f7170 by task freeze/660 CPU: 8 UID: 0 PID: 660 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #18 Hardware name: linux,dummy-virt (DT) Call trace: rb_next+0xfc/0x124 binder_add_freeze_work+0x344/0x534 binder_ioctl+0x1e70/0x25ac __arm64_sys_ioctl+0x124/0x190 The buggy address belongs to the variable: binder_dead_nodes+0x10/0x40 [...] ================================================================== This is possible because proc->nodes (rbtree) and binder_dead_nodes (list) share entries in binder_node through a union: struct binder_node { [...] union { struct rb_node rb_node; struct hlist_node dead_node; }; Fix the race by checking that the proc is still alive. If not, simply break out of the iteration. | |||||
| CVE-2025-21741 | 1 Linux | 1 Linux Kernel | 2025-03-06 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix DPE OoB read Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header. | |||||
| CVE-2025-21742 | 1 Linux | 1 Linux Kernel | 2025-03-06 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based on the `wNdpIndex` value in NTH16. Only the start position of NDP16 was checked, so it was possible for even the fixed-length part of NDP16 to extend past the end of URB, leading to an out-of-bounds read. On iOS devices, the NDP16 header always directly follows NTH16. Rely on and check for this specific format. This, along with NCM-specific minimal URB length check that already exists, will ensure that the fixed-length part of NDP16 plus a set amount of DPEs fit within the URB. Note that this commit alone does not fully address the OoB read. The limit on the amount of DPEs needs to be enforced separately. | |||||
| CVE-2023-29419 | 1 Bzip3 Project | 1 Bzip3 | 2025-03-05 | N/A | 6.5 MEDIUM |
| An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read. | |||||
| CVE-2023-29418 | 1 Bzip3 Project | 1 Bzip3 | 2025-03-05 | N/A | 6.5 MEDIUM |
| An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read. | |||||
| CVE-2023-20674 | 4 Google, Linux, Mediatek and 1 more | 38 Android, Linux Kernel, Mt5221 and 35 more | 2025-03-05 | N/A | 4.4 MEDIUM |
| In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552. | |||||
| CVE-2025-21743 | 1 Linux | 1 Linux Kernel | 2025-03-05 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB read. Move the wDatagramIndex term to the other side of the inequality. An existing condition ensures that wDatagramIndex < urb->actual_length. | |||||
| CVE-2022-47458 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | |||||
| CVE-2022-48701 | 1 Linux | 1 Linux Kernel | 2025-03-05 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of it's interfaces less than 4, an out-of-bounds read bug occurs when parsing the interface descriptor for this device. Fix this by checking the number of interfaces. | |||||
| CVE-2025-22226 | 2025-03-05 | N/A | 7.1 HIGH | ||
| VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | |||||
| CVE-2025-20042 | 1 Openatom | 1 Openharmony | 2025-03-04 | N/A | 5.5 MEDIUM |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read. | |||||
| CVE-2025-20021 | 1 Openatom | 1 Openharmony | 2025-03-04 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | |||||
| CVE-2024-10496 | 1 Ni | 1 Labview | 2025-03-04 | N/A | 7.8 HIGH |
| An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. | |||||
| CVE-2024-10495 | 1 Ni | 1 Labview | 2025-03-04 | N/A | 7.8 HIGH |
| An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. | |||||
| CVE-2024-10494 | 1 Ni | 1 Labview | 2025-03-04 | N/A | 7.8 HIGH |
| An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. | |||||
| CVE-2025-23418 | 1 Openatom | 1 Openharmony | 2025-03-04 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | |||||
| CVE-2025-22847 | 2025-03-04 | N/A | 3.3 LOW | ||
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | |||||
| CVE-2025-22841 | 2025-03-04 | N/A | 3.3 LOW | ||
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | |||||
| CVE-2025-22443 | 2025-03-04 | N/A | 3.3 LOW | ||
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | |||||