Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-27429

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-20 Nov, 2023 | 19:00
Updated At-03 Aug, 2024 | 20:48
Rejected At-
Credits

Texas Instruments TI-RTOS Integer Overflow or Wraparound

Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:20 Nov, 2023 | 19:00
Updated At:03 Aug, 2024 | 20:48
Rejected At:
▼CVE Numbering Authority (CNA)
Texas Instruments TI-RTOS Integer Overflow or Wraparound

Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.

Affected Products
Vendor
Texas Instruments
Product
CC32XX
Default Status
unaffected
Versions
Affected
  • From 0 before 4.40.00.07 (custom)
Vendor
Texas Instruments
Product
SimpleLink MSP432E4XX
Default Status
unaffected
Versions
Affected
  • all versions
Vendor
Texas Instruments
Product
SimpleLink-CC13XX
Default Status
unaffected
Versions
Affected
  • From 0 before 4.40.00 (custom)
Vendor
Texas Instruments
Product
SimpleLink-CC26XX
Default Status
unaffected
Versions
Affected
  • From 0 before 4.40.00 (custom)
Vendor
Texas Instruments
Product
SimpleLink-CC32XX
Default Status
unaffected
Versions
Affected
  • From 0 before 4.10.03 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190: Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190: Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Texas Instruments CC32XX – Update to v4.40.00.07 Texas Instruments SimpleLink CC13X0 – Update to v4.10.03 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html Texas Instruments SimpleLink CC13X2-CC26X2 – Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html Texas Instruments SimpleLink CC2640R2 – Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html Texas Instruments SimpleLink MSP432E4 – Confirmed. No update currently planned

Configurations
Workarounds
Exploits
Credits
finder
David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04
N/A
https://www.ti.com/tool/TI-RTOS-MCU
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04
Resource: N/A
Hyperlink: https://www.ti.com/tool/TI-RTOS-MCU
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04
x_transferred
https://www.ti.com/tool/TI-RTOS-MCU
x_transferred
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04
Resource:
x_transferred
Hyperlink: https://www.ti.com/tool/TI-RTOS-MCU
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:20 Nov, 2023 | 19:15
Updated At:01 Dec, 2023 | 20:53

Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.4HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ti
ti
>>real-time_operating_system>>-
cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:*
ti
ti
>>cc3200>>-
cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:*
ti
ti
>>cc3220r>>-
cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:*
ti
ti
>>cc3220s>>-
cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:*
ti
ti
>>cc3220sf>>-
cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:*
ti
ti
>>cc3230s>>-
cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:*
ti
ti
>>cc3230sf>>-
cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:*
ti
ti
>>cc3235s>>-
cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:*
ti
ti
>>cc3235sf>>-
cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:*
ti
ti
>>simplelink_cc13xx_software_development_kit>>Versions before 4.40.00(exclusive)
cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:*:*:*:*:*:*:*:*
ti
ti
>>simplelink_cc26xx_software_development_kit>>Versions before 4.40.00(exclusive)
cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:*:*:*:*:*:*:*:*
ti
ti
>>simplelink_cc32xx_software_development_kit>>Versions before 4.10.03(exclusive)
cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:*
ti
ti
>>simplelink_msp432e401y>>-
cpe:2.3:a:ti:simplelink_msp432e401y:-:*:*:*:*:*:*:*
ti
ti
>>simplelink_msp432e411y>>-
cpe:2.3:a:ti:simplelink_msp432e411y:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Primarynvd@nist.gov
CWE-190Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-190
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-190
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
https://www.ti.com/tool/TI-RTOS-MCUics-cert@hq.dhs.gov
Product
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.ti.com/tool/TI-RTOS-MCU
Source: ics-cert@hq.dhs.gov
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

240Records found
CVE-2023-33038
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.97%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-14 Nov, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in Radio Interface Layer

Memory corruption while receiving a message in Bus Socket Transport Server.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresnapdragon_8_gen_1_mobile_platformsa6150p_firmwaresm6250p_firmwareqcs610315_5g_iot_modem_firmwareqca8337qca6431_firmwaresnapdragon_778g\+_5g_mobile_platformsnapdragon_870_5g_mobile_platform_firmwarewcd9360_firmwaresnapdragon_888_5g_mobile_platformwcn3950_firmwaresc8180x\+sdx55sa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155snapdragon_480_5g_mobile_platformsnapdragon_x70_modem-rf_systemcsra6620_firmwaresd_675_firmwarecsra6640_firmwaresnapdragon_460_mobile_platform_firmwareqcs6125_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcd9371_firmwarewcn3950qcn6024_firmwaresnapdragon_460_mobile_platformsd460_firmwaresm7315_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareqca8081_firmwaresa6155_firmwarewcd9375_firmwareqca6420wcd9360snapdragon_782g_mobile_platform_firmwaresnapdragon_auto_5g_modem-rf_firmwaresmart_audio_400_platform_firmwareqca6698aqqcs6125sa8155_firmwaresd662_firmwaresnapdragon_765g_5g_mobile_platformqca6430snapdragon_678_mobile_platform_firmwaresnapdragon_8\+_gen_1_mobile_platformsnapdragon_720g_mobile_platformsnapdragon_8cx_compute_platformwcd9340snapdragon_780g_5g_mobile_platformsw5100qca6436sa6155psnapdragon_765_5g_mobile_platform_firmwareqca6698aq_firmwaresnapdragon_690_5g_mobile_platformwcd9341qca6431qca6696_firmwarewcd9371wcn3910_firmwaresnapdragon_855_mobile_platform_firmwaresa8150pwsa8830_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988snapdragon_780g_5g_mobile_platform_firmwaresnapdragon_685_4g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwaresnapdragon_7c_gen_2_compute_platform_firmwaresnapdragon_730_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_675_mobile_platform_firmwareqca8337_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresw5100psnapdragon_8cx_gen_2_5g_compute_platformsnapdragon_w5\+_gen_1_wearable_platformqca6564ausnapdragon_7c\+_gen_3_computewcd9380snapdragon_782g_mobile_platformfastconnect_6700qcs410qca6430_firmwarewcd9335_firmwarewcn3980snapdragon_732g_mobile_platform_firmwareqcm4325_firmwarewcd9340_firmwarewsa8815wcn3910snapdragon_865\+_5g_mobile_platformsnapdragon_4_gen_1_mobile_platformqca6426_firmwaresm4450qcn9024wcn3980_firmwaresd730snapdragon_x50_5g_modem-rf_system_firmwareqca6421_firmwarewcn6740_firmwaresnapdragon_8cx_compute_platform_firmwareqcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemfastconnect_6900fastconnect_6900_firmwareqcn9024_firmwaresdx57mqcm4290_firmwaresnapdragon_x24_lte_modemwsa8832sw5100p_firmwareqcs610_firmwaresa6145psnapdragon_730_mobile_platformqcs4490sa8145psnapdragon_750g_5g_mobile_platformsnapdragon_888\+_5g_mobile_platform_firmwareqca6391_firmwarewcd9370_firmwaresdx55sd888_firmwaresa8155pcsra6640sd675snapdragon_695_5g_mobile_platformsnapdragon_720g_mobile_platform_firmwaresnapdragon_855_mobile_platformar8035_firmwareqcm2290snapdragon_480\+_5g_mobile_platformsnapdragon_662_mobile_platform_firmwarewsa8830sa8145p_firmwareqcs2290_firmwaresnapdragon_x24_lte_modem_firmwarecsrb31024snapdragon_865_5g_mobile_platformcsra6620qcs4290snapdragon_888_5g_mobile_platform_firmwareqca6420_firmwaresd730_firmwaresnapdragon_auto_4g_modem_firmwarewcd9370sd675_firmwaresnapdragon_480\+_5g_mobile_platform_firmwareqca6426wcn3990_firmwareqca9377wcd9385_firmwarewcd9326_firmwarefastconnect_6200snapdragon_7c_gen_2_compute_platformsd662sa8155snapdragon_x55_5g_modem-rf_systemsdx55_firmwaresnapdragon_778g_5g_mobile_platformqca6595ausm7250p_firmwareqca6436_firmwaresnapdragon_680_4g_mobile_platform_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_870_5g_mobile_platformsnapdragon_x70_modem-rf_system_firmwareqcs6490qcs8550_firmwarewcn3988_firmware315_5g_iot_modemsa6145p_firmwareqca6421sm6250fastconnect_6700_firmwaresa8195pwsa8810_firmwarewcd9326wcd9335sg4150pqca8081qcm4490snapdragon_888\+_5g_mobile_platformqca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresnapdragon_665_mobile_platform_firmwarear8035wcd9375aqt1000sc8180x\+sdx55_firmwaresm6250_firmwaresnapdragon_662_mobile_platformsnapdragon_685_4g_mobile_platformsnapdragon_768g_5g_mobile_platform_firmwareqcm6490wsa8815_firmwarewsa8835_firmwaresg4150p_firmwareqcm6125_firmwareqcm4325qcm2290_firmwaresnapdragon_855\+\/860_mobile_platform_firmwarewcn3990sd_675sd865_5gfastconnect_6800snapdragon_8c_compute_platformsd888wsa8835snapdragon_auto_5g_modem-rfsm6250psnapdragon_678_mobile_platformsnapdragon_855\+\/860_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwaresxr2130qca6574asmart_audio_400_platformqca6174asm7325psd855sm7325p_firmwaresdx57m_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_665_mobile_platformsnapdragon_730g_mobile_platformsm7315sd460qca6391snapdragon_x55_5g_modem-rf_system_firmwarefastconnect_7800aqt1000_firmwaresnapdragon_7c_compute_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_auto_4g_modemqcm4290csrb31024_firmwareqcm6490_firmwarewsa8832_firmwareqca6574ausa8155p_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm6125wsa8810snapdragon_765g_5g_mobile_platform_firmwaresnapdragon_730g_mobile_platform_firmwaresnapdragon_680_4g_mobile_platformsnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_8c_compute_platform_firmwaresnapdragon_675_mobile_platformwcn6740qca6696snapdragon_732g_mobile_platformqcs8550sa6150psnapdragon_x50_5g_modem-rf_systemsnapdragon_768g_5g_mobile_platformqcn6024snapdragon_765_5g_mobile_platformsm7250psnapdragon_8\+_gen_1_mobile_platform_firmwaresw5100_firmwareqcs410_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_firmwaresnapdragon_7c_compute_platformSnapdragon
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-6703
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.46%
||
7 Day CHG-0.01%
Published-29 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2012-6701
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.29%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-2304
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.78%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, QCN7605, QCS405, QCS605, SDA845, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920sdm845sdm660msm8920_firmwaresdx24mdm9607_firmwaremsm8940_firmwareqcs405ipq8074_firmwaresm7150_firmwaresm6150mdm9607sm7150qcn7605_firmwaremsm8917msm8937ipq4019_firmwareqcs605_firmwaresm8150_firmwaresdx24_firmwareipq8074sdm660_firmwareqcs405_firmwaresda845_firmwareqcn7605qcs605ipq4019sdx55msm8940sm6150_firmwaremsm8917_firmwaremsm8937_firmwaresm8150ipq8064sdx55_firmwaresxr1130_firmwaresxr1130ipq8064_firmwaresda845sdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-2297
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.83%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaresdm636_firmwareapq8064sdm845_firmwaremsm8996au_firmwaresdm845sdx20sdm660sdx24mdm9607_firmwaremdm9650qcs405ipq8074_firmwareqca6574aumdm9607msm8996auapq8017_firmwareapq8009_firmwareqcn7605_firmwareqcs605_firmwareipq4019_firmwaremdm9207c_firmwaremdm9206msm8905mdm9207cqca6174a_firmwareqca6174aqca9379_firmwaresm8150_firmwaresdx24_firmwareipq8074apq8096ausdm636qcs405_firmwareqca9377sda845_firmwaresdm660_firmwaresda660_firmwareqcn7605mdm9206_firmwareqcs605ipq4019apq8053apq8096au_firmwaremdm9650_firmwaresm8150sdx20_firmwaremsm8905_firmwareipq8064qca6574au_firmwaresda660apq8017apq8064_firmwareapq8009qca9379apq8053_firmwareipq8064_firmwaresda845mdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-26242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.77%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 00:00
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2012-0044
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.63%
||
7 Day CHG~0.00%
Published-17 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-linux_kernelubuntu_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-2603
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.15% / 77.61%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 00:00
Updated-24 Apr, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-fedoraenterprise_linuxlibcapdebian_linuxlibcap
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.25%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 13:44
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-24949
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.90% / 91.69%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:02
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019Windows Server 2022Windows 11 version 22H2Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-16905
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.11%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 00:00
Updated-23 Apr, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

Action-Not Available
Vendor-n/aOpenBSDNetApp, Inc.Siemens AG
Product-scalance_x204rna_eccopensshscalance_x204rna_firmwaresteelstore_cloud_integrated_storagecloud_backupscalance_x204rnascalance_x204rna_ecc_firmwaren/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2011-1823
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-67.78% / 98.52%
||
7 Day CHG~0.00%
Published-09 Jun, 2011 | 10:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-29||Apply updates per vendor instructions.

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.

Action-Not Available
Vendor-n/aAndroidGoogle LLC
Product-androidn/aAndroid OS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-13994
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.17%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the actual packet size can lead to memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9640_firmwareqcs610sdm450_firmwaresdm632qcs404_firmwaremdm9650mdm9645apq8009_firmwaremsm8917sdm670qcs605_firmwaresda845_firmwaresa415mbitraapq8098qcn7605mdm9206_firmwarebitra_firmwaremsm8905_firmwaresda660sdx55_firmwareqca8081_firmwaresxr1130apq8053_firmwaresda845sa6155p_firmwaresdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresa415m_firmwareqcs405qm215sc7180_firmwareapq8017_firmwaresdm710_firmwaresa6155pqca8081msm8937msm8905sm8150_firmwaremsm8909sxr2130_firmwaremdm9655rennellsc7180msm8953_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850kamortaapq8017msm8996saipanmdm9640kamorta_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdx24sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausdm429w_firmwaresm7150sxr2130sc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwareipq8074sdm636ipq6018_firmwaremdm9205qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresxr1130_firmwareapq8009msm8909_firmwarenicobarsdm850_firmwaremsm8920msm8953sdx20qcm2150msm8920_firmwaresdm660sc8180x_firmwareipq8074_firmwaresdm710mdm9607mdm9645_firmwareqcn7605_firmwareqcs610_firmwaremdm9150msm8996_firmwareipq6018apq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8940apq8053apq8096au_firmwaresm8250nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-13998
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9640_firmwareqcs610sdm450_firmwaresdm632qcs404_firmwaremdm9650mdm9645apq8009_firmwaremsm8917sdm670qcs605_firmwaresda845_firmwaresa415mbitraapq8098qcn7605mdm9206_firmwarebitra_firmwaremsm8905_firmwaresda660sdx55_firmwareqca8081_firmwaresxr1130apq8053_firmwaresda845sa6155p_firmwaresdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresa415m_firmwareqcs405qm215sc7180_firmwareapq8017_firmwaresdm710_firmwaresa6155pqca8081msm8937msm8905sm8150_firmwaremsm8909sxr2130_firmwaremdm9655rennellsc7180msm8953_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850kamortaapq8017msm8996saipanmdm9640kamorta_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdx24sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausdm429w_firmwaresm7150sxr2130sc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwareipq8074sdm636ipq6018_firmwaremdm9205qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresxr1130_firmwareapq8009msm8909_firmwarenicobarsdm850_firmwaremsm8920msm8953sdx20qcm2150msm8920_firmwaresdm660sc8180x_firmwareipq8074_firmwaresdm710mdm9607mdm9645_firmwareqcn7605_firmwareqcs610_firmwaremdm9150msm8996_firmwareipq6018apq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8940apq8053apq8096au_firmwaresm8250nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14056
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9150, MDM9205, MDM9607, MDM9650, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwarekamorta_firmwaremdm9150_firmwaresa6155p_firmwareqcs610sdm636_firmwaresdm845sdm660sdm630qcs404_firmwaremdm9607_firmwaremdm9650sc8180x_firmwareqcs405sm7150_firmwaresdm710sc7180_firmwaremdm9607sm6150sdm710_firmwaresm7150sa6155psdm670qcs610_firmwaremdm9150qcs605_firmwaresc8180xsxr2130sdm670_firmwareqcs404sm8150_firmwaresxr2130_firmwaresdm636qcs405_firmwarerennellsc7180sda845_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwaremdm9205qcs605sdx55sm6150_firmwaremdm9650_firmwaresm8150sdm850sda660kamortasdx55_firmwaresxr1130_firmwarenicobar_firmwaresxr1130sdm660_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14135
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer overflow to buffer overflow in WLAN while parsing nonstandard NAN IE messages. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4010, QCA6174A, QCA6574AU, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS405, QCS605, SA6155P, Saipan, SDA845, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaremsm8996au_firmwaresdm845sdx24mdm9650sm7150_firmwaresm6150msm8996ausm7150qca4010_firmwareapq8009_firmwaresdm670qcs605_firmwaremdm9206qca9379_firmwareqca6174asdm670_firmwaresdx24_firmwareqca6584au_firmwareipq8074sda845_firmwareqca9377qcn7605mdm9206_firmwareqcs605qca9886mdm9640mdm9650_firmwareqca6574au_firmwaresxr1130_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845sdm850_firmwareqca6584ausa6155p_firmwaresdx20sdm660mdm9607_firmwareqcs405ipq8074_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwareqca4010sa6155pqca8081mdm9207c_firmwaremdm9207cqca6174a_firmwareqca9886_firmwaresm8150_firmwareapq8096auqcs405_firmwareapq8053apq8096au_firmwaresaipan_firmwaresm6150_firmwaresm8150sdx20_firmwaresdm850apq8017saipanqca9379sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14051
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 05:00
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206mdm9206_firmwaremdm9607_firmwaremdm9607Snapdragon Industrial IOT
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14074
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9640_firmwareqcs610sdm450_firmwaresdm632qcs404_firmwaremdm9650mdm9645apq8009_firmwaremsm8917sdm670qcs605_firmwareapq8076apq8076_firmwaresda845_firmwaresa415mbitraapq8098qcn7605mdm9206_firmwarebitra_firmwaremsm8905_firmwaresda660sdx55_firmwareqca8081_firmwaresxr1130msm8909wapq8053_firmwaresda845sa6155p_firmwaresdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresa415m_firmwareqcs405qm215sc7180_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwaresa6155pqca8081msm8937msm8905sm8150_firmwaremsm8909sxr2130_firmwaremdm9655rennellsc7180mdm9625msm8953_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850kamortaapq8017msm8996saipanmdm9640kamorta_firmwaremdm9635m_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdx24sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150sxr2130sc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwareipq8074sdm636mdm9635mipq6018_firmwaremdm9205qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresxr1130_firmwareapq8009msm8909_firmwarenicobarsdm850_firmwaremsm8920msm8953sdx20qcm2150msm8920_firmwaresdm660sc8180x_firmwareipq8074_firmwaresdm710mdm9607mdm9645_firmwareqcn7605_firmwareqcs610_firmwaremdm9150mdm9207c_firmwaremsm8996_firmwareipq6018mdm9207capq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8940apq8053apq8096au_firmwaresm8250nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-0587
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.02% / 2.63%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an integer overflow vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-10585
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.69%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaremsm8953sdm450sdm845_firmwaresdm429wsdm632_firmwaresdm845sdm450_firmwaresdm632sdm660sdx24sdm439mdm9607_firmwaresm8250_firmwaresdm429sdm710msm8909w_firmwaremdm9607qm215sdm429w_firmwaresm6150sdm710_firmwareapq8009apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresdm670_firmwaresm8150_firmwaresdx24_firmwaresxr2130_firmwaresdm439_firmwaresda845_firmwareqm215_firmwareqcs605sdx55msm8953_firmwareapq8053sm6150_firmwaresm8250msm8917_firmwaresdm429_firmwaresm8150sxr1130_firmwaresdx55_firmwarenicobar_firmwaremsm8909wsxr1130apq8053_firmwaresdm660_firmwaresda845nicobarmdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-21375
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.29%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Sep, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-34513
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.64% / 81.21%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-19 Nov, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-31333
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.39%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 21:56
Updated-17 Dec, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Imagination Technologies LimitedGoogle LLC
Product-androidAndroidandroidpowervr-gpu
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-40994
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.45%
||
7 Day CHG~0.00%
Published-12 Jul, 2024 | 12:37
Updated-04 May, 2025 | 09:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ptp: fix integer overflow in max_vclocks_store

In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-38215
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.95%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-38034
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.48% / 64.07%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Filtering Platform Elevation of Privilege Vulnerability

Windows Filtering Platform Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2008 R2 Service Pack 1Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-38080
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-18.05% / 94.92%
||
7 Day CHG-1.92%
Published-09 Jul, 2024 | 17:02
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-07-30||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Hyper-V Elevation of Privilege Vulnerability

Windows Hyper-V Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_11_21h2windows_11_22h2windows_server_2022windows_server_2022_23h2Windows 11 version 22H3Windows 11 version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022Windows
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-0678
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.48%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 17:05
Updated-30 Aug, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data

A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.

Action-Not Available
Vendor-GNURed Hat, Inc.
Product-openshift_container_platformenterprise_linuxgrub2Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-45575
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.62%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-09 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in Camera Driver

Memory corruption Camera kernel when large number of devices are attached through userspace.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwaresnapdragon_429_mobile_firmwarefastconnect_7800_firmwarewcn3620_firmwarewcd9385wsa8835sxr2230p_firmwarewcn3660bwcd9385_firmwaresxr2230pwcn3620sdm429w_firmwarewsa8830wsa8830_firmwarewsa8835_firmwaresxr2250p_firmwarewcd9380snapdragon_8_gen_1_mobile_firmwaresnapdragon_429_mobilefastconnect_6900sdm429wfastconnect_6900_firmwaresnapdragon_8_gen_1_mobilewsa8832_firmwarewsa8832wcn3660b_firmwarefastconnect_7800sxr2250pSnapdragon
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-43623
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.71% / 71.27%
||
7 Day CHG+0.05%
Published-12 Nov, 2024 | 17:53
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NT OS Kernel Elevation of Privilege Vulnerability

Windows NT OS Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_11_24h2windows_server_2008windows_10_1809windows_10_21h2windows_10_1507windows_server_2022_23h2windows_10_1607windows_server_2025windows_11_23h2windows_server_2022windows_server_2016windows_server_2019windows_11_22h2windows_10_22h2Windows Server 2022Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025Windows Server 2008 Service Pack 2Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2008 Service Pack 2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-42136
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.11%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 07:46
Updated-21 May, 2025 | 09:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cdrom: rearrange last_media_change check to avoid unintentional overflow

In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat: [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 366.027518] Call Trace: [ 366.027523] <TASK> [ 366.027533] dump_stack_lvl+0x93/0xd0 [ 366.027899] handle_overflow+0x171/0x1b0 [ 366.038787] ata1.00: invalid multi_count 32 ignored [ 366.043924] cdrom_ioctl+0x2c3f/0x2d10 [ 366.063932] ? __pm_runtime_resume+0xe6/0x130 [ 366.071923] sr_block_ioctl+0x15d/0x1d0 [ 366.074624] ? __pfx_sr_block_ioctl+0x10/0x10 [ 366.077642] blkdev_ioctl+0x419/0x500 [ 366.080231] ? __pfx_blkdev_ioctl+0x10/0x10 ... Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's rearrange the check to not perform any arithmetic, thus not tripping the sanitizer.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-43641
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.20%
||
7 Day CHG+0.01%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Registry Elevation of Privilege Vulnerability

Windows Registry Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_24h2windows_server_2025windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2008 Service Pack 2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-1059
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.66%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 15:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Manager
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-0881
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396350

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-0882
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395803

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-0884
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.33%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270393454

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-0874
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399633

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-0880
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396792

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-0875
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400061

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-35457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 45.11%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 22:25
Updated-04 Aug, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented

Action-Not Available
Vendor-n/aThe GNOME Project
Product-glibn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found