Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-23440

Summary
Assigner-Fluid Attacks
Assigner Org ID-84fe0718-d6bb-4716-a7e8-81a6d1daa869
Published At-13 Feb, 2024 | 15:01
Updated At-19 May, 2025 | 18:21
Rejected At-
Credits

Vba32 Antivirus v3.36.0 - Arbitrary Memory Read

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Fluid Attacks
Assigner Org ID:84fe0718-d6bb-4716-a7e8-81a6d1daa869
Published At:13 Feb, 2024 | 15:01
Updated At:19 May, 2025 | 18:21
Rejected At:
▼CVE Numbering Authority (CNA)
Vba32 Antivirus v3.36.0 - Arbitrary Memory Read

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.

Affected Products
Vendor
VirusBlokAda
Product
Vba32 Antivirus
Platforms
  • Windows
Default Status
unknown
Versions
Affected
  • 3.36.0
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-540CAPEC-540 Overread Buffers
CAPEC ID: CAPEC-540
Description: CAPEC-540 Overread Buffers
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://fluidattacks.com/advisories/adderley/
third-party-advisory
https://www.anti-virus.by/vba32
product
Hyperlink: https://fluidattacks.com/advisories/adderley/
Resource:
third-party-advisory
Hyperlink: https://www.anti-virus.by/vba32
Resource:
product
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://fluidattacks.com/advisories/adderley/
third-party-advisory
x_transferred
https://www.anti-virus.by/vba32
product
x_transferred
Hyperlink: https://fluidattacks.com/advisories/adderley/
Resource:
third-party-advisory
x_transferred
Hyperlink: https://www.anti-virus.by/vba32
Resource:
product
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:help@fluidattacks.com
Published At:13 Feb, 2024 | 15:15
Updated At:19 May, 2025 | 19:15

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Secondary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CPE Matches

anti-virus
anti-virus
>>vba32>>3.36.0
cpe:2.3:a:anti-virus:vba32:3.36.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Secondaryhelp@fluidattacks.com
CWE ID: CWE-125
Type: Secondary
Source: help@fluidattacks.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://fluidattacks.com/advisories/adderley/help@fluidattacks.com
Third Party Advisory
https://www.anti-virus.by/vba32help@fluidattacks.com
Product
https://fluidattacks.com/advisories/adderley/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.anti-virus.by/vba32af854a3a-2127-422b-91ae-364da2661108
Product
Hyperlink: https://fluidattacks.com/advisories/adderley/
Source: help@fluidattacks.com
Resource:
Third Party Advisory
Hyperlink: https://www.anti-virus.by/vba32
Source: help@fluidattacks.com
Resource:
Product
Hyperlink: https://fluidattacks.com/advisories/adderley/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.anti-virus.by/vba32
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

205Records found

CVE-2024-44199
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.47%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 23:53
Updated-24 Mar, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-20531
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.38%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:40
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have an out-of-bounds Read. The Samsung IDs are SVE-2019-15692, SVE-2019-15693 (December 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-6610
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.90%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 16:58
Updated-04 Aug, 2025 | 05:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: oob access in smb2_dump_detail

An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, Inc
Product-enterprise_linuxlinux_kernelRed Hat Enterprise Linux 7RHOL-5.8-RHEL-9Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update Support
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-18390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.

Action-Not Available
Vendor-virglrenderer_projectn/aDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-virglrendererdebian_linuxleapenterprise_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52598
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.41%
||
7 Day CHG~0.00%
Published-06 Mar, 2024 | 06:45
Updated-04 May, 2025 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
s390/ptrace: handle setting of fpc register correctly

In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control (fpc) register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the tracing process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space fpc register value, however it will be discarded, when returning to user space. In result the tracer will incorrectly continue to run with the value that was supposed to be used for the traced process. Fix this by saving fpu register contents with save_fpu_regs() before using test_fp_ctl().

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52565
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.67%
||
7 Day CHG~0.00%
Published-02 Mar, 2024 | 21:59
Updated-04 May, 2025 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
media: uvcvideo: Fix OOB read

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound read.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52501
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.13%
||
7 Day CHG~0.00%
Published-02 Mar, 2024 | 21:52
Updated-19 Jun, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ring-buffer: Do not attempt to read past "commit"

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit" When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There's barriers to help detect this and handle it, but that code missed the case where the last event was at the very end of the page and has only 4 bytes left. The checks to detect the corruption by the writer to reads needs to see the length of the event. If the length in the first 4 bytes is zero then the length is stored in the second 4 bytes. But if the writer is in the process of updating that code, there's a small window where the length in the first 4 bytes could be zero even though the length is only 4 bytes. That will cause rb_event_length() to read the next 4 bytes which could happen to be off the allocated page. To protect against this, fail immediately if the next event pointer is less than 8 bytes from the end of the commit (last byte of data), as all events must be a minimum of 8 bytes anyway.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52827
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 15:31
Updated-04 May, 2025 | 07:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read in the following message iteration and parsing. The same issue also applies to ppdu_info->ppdu_stats.common.num_users, so validate it before using too. These are found during code review. Compile test only.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52504
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.48%
||
7 Day CHG~0.00%
Published-02 Mar, 2024 | 21:52
Updated-04 May, 2025 | 07:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
x86/alternatives: Disable KASAN in apply_alternatives()

In the Linux kernel, the following vulnerability has been resolved: x86/alternatives: Disable KASAN in apply_alternatives() Fei has reported that KASAN triggers during apply_alternatives() on a 5-level paging machine: BUG: KASAN: out-of-bounds in rcu_is_watching() Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0 ... __asan_load4() rcu_is_watching() trace_hardirqs_on() text_poke_early() apply_alternatives() ... On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57) gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on __VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled(). KASAN gets confused when apply_alternatives() patches the KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue. Fix it for real by disabling KASAN while the kernel is patching alternatives. [ mingo: updated the changelog ]

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52525
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-02 Mar, 2024 | 21:52
Updated-04 May, 2025 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet Only skip the code path trying to access the rfc1042 headers when the buffer is too small, so the driver can still process packets without rfc1042 headers.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52766
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.93%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 15:30
Updated-04 May, 2025 | 07:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access will occur from rings->headers[i] access when i >= number of allocated ring headers.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52519
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.17%
||
7 Day CHG~0.00%
Published-02 Mar, 2024 | 21:52
Updated-04 May, 2025 | 07:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit The EHL (Elkhart Lake) based platforms provide a OOB (Out of band) service, which allows to wakup device when the system is in S5 (Soft-Off state). This OOB service can be enabled/disabled from BIOS settings. When enabled, the ISH device gets PME wake capability. To enable PME wakeup, driver also needs to enable ACPI GPE bit. On resume, BIOS will clear the wakeup bit. So driver need to re-enable it in resume function to keep the next wakeup capability. But this BIOS clearing of wakeup bit doesn't decrement internal OS GPE reference count, so this reenabling on every resume will cause reference count to overflow. So first disable and reenable ACPI GPE bit using acpi_disable_gpe().

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52507
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.36%
||
7 Day CHG~0.00%
Published-02 Mar, 2024 | 21:52
Updated-04 May, 2025 | 07:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nfc: nci: assert requested protocol is valid

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum defined so it doesn't potentially perform a shift-out-of-bounds and provide a clearer error for undefined protocols vs unsupported ones.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14053
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When attempting to create a new XFRM policy, a stack out-of-bounds read will occur if the user provides a template where the mode is set to a value that does not resolve to a valid XFRM mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCA4531, QCN7605, QCS605, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca4531_firmwaremdm9640_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429sm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sxr2130qcs605_firmwaresc8180xipq4019_firmwaremdm9206sdx24_firmwareipq8074sdm636sda845_firmwaresa415mqca4531apq8098qcn7605mdm9206_firmwareqcs605sdm429_firmwaremdm9650_firmwaremsm8905_firmwaresda660sdx55_firmwaremsm8909wapq8009apq8053_firmwaresda845msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20sdm660sdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwaresa415m_firmwareipq8074_firmwareqm215mdm9607qcn7605_firmwaremdm9207c_firmwaremsm8905mdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwaresdm630_firmwaresda660_firmwareqm215_firmwareipq4019sdx55msm8953_firmwareapq8053sm6150_firmwareapq8096au_firmwaresm8250msm8917_firmwaresm8150sdx20_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14081
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.70%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to be enforced in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ8074, MSM8998, QCA8081, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm636_firmwareapq8098_firmwaresdm845msm8998_firmwaresdm660sdm630ipq8074_firmwaresdm710sdm710_firmwareqcn7605_firmwaresdm670qca8081qcs605_firmwaresdm670_firmwaresm8150_firmwareipq8074sdm636sda845_firmwaresdm630_firmwareapq8098qcn7605sda660_firmwareqcs605msm8998sm8150sdm850sda660sxr1130_firmwareqca8081_firmwaresxr1130sdm660_firmwaresda845sdm845_firmwareSnapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14101
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarekamorta_firmwaremdm9635m_firmwaremdm9640_firmwareapq8096_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439qcs404_firmwaremdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670qcs605_firmwaresc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwaresdm636sda845_firmwaresa415mmdm9635mapq8098qcn7605mdm9205mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaremsm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresa415m_firmwareqcs405sdm710qm215sc7180_firmwaremdm9607mdm9625_firmwaresdm710_firmwareqcn7605_firmwaremdm9150msm8937msm8996_firmwaremsm8905sm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwarerennellsc7180qcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625rennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdm850kamortamsm8996saipannicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-33065
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 5.91%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:47
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Audio

Information disclosure in Audio while accessing AVCS services from ADSP payload.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsnapdragon_429_mobile_platform_firmwareqcs610_firmwarewcd9335sxr2130_firmwaresrv1mqca8081_firmwarewcd9370ar8035_firmwareqca6696wcd9340_firmwaresnapdragon_888_5g_mobile_platformwcd9341_firmwareqca6320sd888_firmwareqcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700qca6564auwcn3610qcn9074wsa8815_firmwaresa8195p_firmwareqca8337_firmwareqca8337qca6426_firmwareqca6574au_firmwareqam8295pwcd9341qca6574ausnapdragon_855_mobile_platformwcn3950wsa8810_firmwaresnapdragon_xr2_5g_platformsnapdragon_429_mobile_platformsa9000p_firmwaresrv1hsnapdragon_835_mobile_pc_platform_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computewcn3660b_firmwaresnapdragon_780g_5g_mobile_platformfastconnect_6800_firmwaresa8295p_firmwaresd835_firmwarevideo_collaboration_vc1_platform_firmwaresnapdragon_778g\+_5g_mobile_platformsa8770psnapdragon_780g_5g_mobile_platform_firmwarec-v2x_9150qca6584auqca6320_firmwareqcn6274_firmwaresd888qcc710wcn6740qca6310_firmwarefastconnect_6800qfw7114_firmwarefastconnect_7800_firmwarefastconnect_6900video_collaboration_vc1_platformqfw7114snapdragon_782g_mobile_platform_firmwarewcd9385_firmwaresnapdragon_x55_5g_modem-rf_systemfastconnect_6900_firmwareqca6310qam8255p_firmwarewcd9380sa6145p_firmwareqam8255psnapdragon_888_5g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwaresa8150psnapdragon_778g_5g_mobile_platformmsm8996au_firmwaresa6155psnapdragon_835_mobile_pc_platformqca6564au_firmwarewsa8810qam8650psnapdragon_865\+_5g_mobile_platformsa9000psrv1h_firmwarevideo_collaboration_vc3_platformaqt1000sm7315_firmwaresnapdragon_865_5g_mobile_platform_firmwarec-v2x_9150_firmwaresa6155p_firmwareqam8295p_firmwaresrv1m_firmwaresd855sd835wcn3990_firmwaresm7315snapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6564a_firmwareqca6436_firmwareqca6698aq_firmwaresnapdragon_wear_4100\+_platform_firmwarewcd9385mdm9650_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3610_firmwaresa8255psnapdragon_855\+\/860_mobile_platform_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareqca6420snapdragon_865\+_5g_mobile_platform_firmwareqca6430wcd9370_firmwaremdm9650snapdragon_x55_5g_modem-rf_system_firmwarewcn3660bqca6574asxr2130wcn3620_firmwaresa8195pwcd9340qamsrv1msnapdragon_820_automotive_platform_firmwaresnapdragon_auto_5g_modem-rf_gen_2sm7325pqam8650p_firmwaresnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwaresdm429wqca6584au_firmwaresd855_firmwareqcn6274qca6436qfw7124sa8775psnapdragon_x75_5g_modem-rf_systemwcd9335_firmwareqca6391_firmwarewcn3980_firmwarewsa8835qca6430_firmwaresnapdragon_870_5g_mobile_platformsa8775p_firmwaresnapdragon_782g_mobile_platformqamsrv1hqca6696_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwaresa6150pqcs410sa8155p_firmwareqca8081qca6564awsa8815sa8155pwsa8830qam8775psa6145pqcn9074_firmwaresa8255p_firmwarear8035qca6574a_firmwareqamsrv1m_firmwaremsm8996ausa8650p_firmwarewcn3620wcd9375_firmwareqca6391qcn6224snapdragon_778g_5g_mobile_platform_firmwareqca6698aqwcn3950_firmwaresa8770p_firmwaresa8295pfastconnect_6200fastconnect_7800sa8145p_firmwaresa8650pqam8775p_firmwaresd865_5g_firmwaresm7325p_firmwarewcn3680bsnapdragon_888\+_5g_mobile_platformwcd9375sa8150p_firmwaresnapdragon_855\+\/860_mobile_platformfastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresa8145pwcn3990snapdragon_wear_4100\+_platformsnapdragon_888\+_5g_mobile_platform_firmwarewsa8835_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_820_automotive_platformfastconnect_6200_firmwarewsa8830_firmwarewcn3680b_firmwareqcn6224_firmwareqcs610Snapdragonqam8255p_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwarewcd9380_firmwaresa6150p_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresa8145p_firmwaremsm8996au_firmwaresnapdragon_820_automotive_platform_firmwareqcn6224_firmwaresdm429w_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6420_firmwareqca6584au_firmwarewcn3990_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwareqfw7114_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwareqamsrv1h_firmwarewcd9340_firmwaresm7325p_firmwareqam8295p_firmwaremdm9650_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwarewcn3660b_firmwaresa9000p_firmwareqca6320_firmwaresm7315_firmwareqca6574au_firmwaresnapdragon_429_mobile_platform_firmwaresnapdragon_835_mobile_pc_platform_firmwarewcn3680b_firmwarewcd9375_firmwareqca8081_firmwareqca6574a_firmwarefastconnect_6200_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3610_firmwareqca6436_firmwareaqt1000_firmwareqca6564au_firmwarewcn6740_firmwaresa6155p_firmwareqcn6274_firmwaresa8775p_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwaresa6145p_firmwaresa8155p_firmwarefastconnect_6700_firmwareqca6564a_firmwarewsa8810_firmwarewcd9341_firmwarefastconnect_7800_firmwaresa8255p_firmwareqcs610_firmwareqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwaresd835_firmwareqam8650p_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwaresxr2130_firmwareqca6696_firmwareqca6391_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresd888_firmwareqcc710_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3620_firmwarewsa8815_firmwarewsa8835_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwareqcn9074_firmwarefastconnect_6800_firmwareqcs410_firmwaresa8295p_firmwareqfw7124_firmwarear8035_firmware
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2019-10574
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.39%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwareapq8096_firmwaremdm9640_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632apq8096sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwareapq8076mdm9206sdm670_firmwareapq8076_firmwaresdm636sda845_firmwareapq8098mdm9205mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845sdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaremsm8998_firmwareqcm2150apq8016_firmwaresdm630mdm9607_firmwaremsm8920_firmwaremdm9655_firmwaresdm660sdm710qm215sc7180_firmwaremdm9607apq8017_firmwaresdm710_firmwaremdm9150msm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwarerennellsc7180sdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareapq8016qm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdm850apq8017msm8996sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-3268
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.30%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 00:00
Updated-11 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelKernel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10625
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCS605, Rennell, SC8180X, SDM429W, SDM710, SDX55, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206mdm9207csc8180xmdm9640_firmwaresm8150_firmwareapq8096ausdm429wrennellrennell_firmwaremdm9206_firmwaremdm9607_firmwareqcs605mdm9650sc8180x_firmwaresdx55sm7150_firmwareapq8096au_firmwaresdm710mdm9607mdm9650_firmwaresdm429w_firmwaresm8150sdm710_firmwaresdx55_firmwaresm7150apq8009_firmwareapq8009qcs605_firmwaremdm9207c_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-2977
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 00:00
Updated-09 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.

Action-Not Available
Vendor-opensc_projectn/aRed Hat, Inc.
Product-enterprise_linuxopenscOpenSC
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-28074
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.84%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 07:56
Updated-20 Aug, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_micro-edition-suitebsafe_crypto-c-micro-editionDell BSAFE Micro Edition SuiteDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-36931
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.13%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 15:29
Updated-04 May, 2025 | 09:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
s390/cio: Ensure the copied buf is NUL terminated

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using scanf. Fix this issue by using memdup_user_nul instead.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-26607
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.44%
||
7 Day CHG~0.00%
Published-26 Feb, 2023 | 00:00
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.
Product-hci_baseboard_management_controllerlinux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-37654
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.01% / 1.54%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 20:30
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap OOB and CHECK fail in `ResourceGather` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API in a release build. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668) does not check that the `batch_dims` value that the user supplies is less than the rank of the input tensor. Since the implementation uses several for loops over the dimensions of `tensor`, this results in reading data from outside the bounds of heap allocated buffer backing the tensor. We have patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3907
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.66%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 17:51
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14104
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.70%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Slab-out-of-bounds access can occur if the context pointer is invalid due to lack of null check on pointer before accessing it in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, SC8180X, SDX55, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-apq8053sdx55sm8150_firmwaresm8150sdx55_firmwareapq8053_firmwaresc8180xsc8180x_firmwareSnapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14038
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaremsm8953sdm845_firmwaresdm429wapq8098_firmwaresdm845sdx20sdx24sdm439mdm9607_firmwaremdm9650sdm429sdm710msm8909w_firmwaremdm9607sdm429w_firmwaresdm710_firmwareapq8009_firmwaremsm8909wmsm8917sdm670qcs605_firmwaremdm9207c_firmwaremdm9206msm8905mdm9207csdm670_firmwaresdx24_firmwaresdm439_firmwaresda845_firmwareapq8098sda660_firmwaremdm9206_firmwareqcs605msm8953_firmwareapq8053msm8917_firmwaresdm429_firmwaremdm9650_firmwaresdx20_firmwaremsm8905_firmwaresda660apq8009apq8053_firmwaresda845mdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2019-14042
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read in in fingerprint application due to requested data assigned to a local buffer without length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9205, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwarekamorta_firmwaresa6155p_firmwaresdm845sdx24qcs404_firmwaresm8250_firmwaresc8180x_firmwaresa415m_firmwareqcs405sm7150_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150sa6155psdm670sxr2130qcs605_firmwaresc8180xsdm670_firmwareqcs404sdx24_firmwaresm8150_firmwaresxr2130_firmwareqcs405_firmwarerennellsa415msc7180mdm9205_firmwarerennell_firmwaremdm9205qcs605sdx55sm6150_firmwaresm8250sm8150sdm850sxr1130_firmwarekamortasdx55_firmwarenicobar_firmwaresxr1130nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3908
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.66%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 17:52
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14043
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read in Fingerprint application due to requested data is being used without length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9150, MDM9205, MDM9650, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwarekamorta_firmwaremdm9150_firmwaresa6155p_firmwaresdm636_firmwaresdm845msm8998_firmwaresdm660sdx24sdm630qcs404_firmwaresm8250_firmwaremdm9650sc8180x_firmwaresa415m_firmwareqcs405sm7150_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150sa6155psdm670mdm9150qcs605_firmwaresc8180xsxr2130sdm670_firmwareqcs404sdx24_firmwaresm8150_firmwaresxr2130_firmwaresdm636qcs405_firmwarerennellsa415msc7180sdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwaremdm9205qcs605sdx55sm6150_firmwaresm8250mdm9650_firmwaremsm8998sm8150sdm850sda660kamortasdx55_firmwaresxr1130_firmwarenicobar_firmwaresxr1130sdm660_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14039
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read in adm call back function due to incorrect boundary check for payload in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaremsm8953sdm845_firmwaresdm429wapq8098_firmwaresdm845sdx20sdx24sdm439mdm9607_firmwaremdm9650sdm429sdm710msm8909w_firmwaremdm9607sdm429w_firmwaresdm710_firmwaremsm8917sdm670qcs605_firmwaremdm9207c_firmwaremdm9206msm8905mdm9207csdm670_firmwaresdx24_firmwaresdm439_firmwaresda845_firmwareapq8098sda660_firmwaremdm9206_firmwareqcs605msm8953_firmwareapq8053msm8917_firmwaresdm429_firmwaremdm9650_firmwaresdx20_firmwaremsm8905_firmwaresda660msm8909wapq8053_firmwaresda845mdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-26597
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.42%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 14:46
Updated-04 May, 2025 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: qualcomm: rmnet: fix global oob in rmnet_policy

In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below: ================================================================== BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline] BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207 CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c:495 validate_nla lib/nlattr.c:386 [inline] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 nla_parse_nested_deprecated include/net/netlink.h:1248 [inline] __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594 rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091 netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fdcf2072359 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359 RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000 </TASK> The buggy address belongs to the variable: rmnet_policy+0x30/0xe0 The buggy address belongs to the physical page: page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243 flags: 0x200000000001000(reserved|node=0|zone=2) raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07 ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9 >ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 ^ ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 According to the comment of `nla_parse_nested_deprecated`, the maxtype should be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-25493
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.05% / 15.93%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:11
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-1380
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelh500sh410s_firmwareh700s_firmwareh500s_firmwareenterprise_linuxh410c_firmwareh300s_firmwareh410sh410ch300sh700sKernel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-49844
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.32%
||
7 Day CHG~0.00%
Published-01 May, 2025 | 14:09
Updated-07 May, 2025 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
can: dev: fix skb drop check

In the Linux kernel, the following vulnerability has been resolved: can: dev: fix skb drop check In commit a6d190f8c767 ("can: skb: drop tx skb if in listen only mode") the priv->ctrlmode element is read even on virtual CAN interfaces that do not create the struct can_priv at startup. This out-of-bounds read may lead to CAN frame drops for virtual CAN interfaces like vcan and vxcan. This patch mainly reverts the original commit and adds a new helper for CAN interface drivers that provide the required information in struct can_priv. [mkl: patch pch_can, too]

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-0180
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.37%
||
7 Day CHG~0.00%
Published-01 Apr, 2023 | 04:28
Updated-13 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, IncVMware (Broadcom Inc.)Citrix (Cloud Software Group, Inc.)NVIDIA Corporation
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherevGPU software (guest driver - Linux), vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (guest driver - Linux), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-27378
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.05%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 18:32
Updated-13 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_850exynos_1380_firmwareexynos_1330_firmwareexynos_1280exynos_850_firmwareexynos_980exynos_1280_firmwareexynos_980_firmwareexynos_1380exynos_1330n/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2022-49623
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.98%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 02:23
Updated-04 May, 2025 | 08:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
powerpc/xive/spapr: correct bitmap allocation size

In the Linux kernel, the following vulnerability has been resolved: powerpc/xive/spapr: correct bitmap allocation size kasan detects access beyond the end of the xibm->bitmap allocation: BUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140 Read of size 8 at addr c00000001d1d0118 by task swapper/0/1 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc2-00001-g90df023b36dd #28 Call Trace: [c00000001d98f770] [c0000000012baab8] dump_stack_lvl+0xac/0x108 (unreliable) [c00000001d98f7b0] [c00000000068faac] print_report+0x37c/0x710 [c00000001d98f880] [c0000000006902c0] kasan_report+0x110/0x354 [c00000001d98f950] [c000000000692324] __asan_load8+0xa4/0xe0 [c00000001d98f970] [c0000000011c6ed0] _find_first_zero_bit+0x40/0x140 [c00000001d98f9b0] [c0000000000dbfbc] xive_spapr_get_ipi+0xcc/0x260 [c00000001d98fa70] [c0000000000d6d28] xive_setup_cpu_ipi+0x1e8/0x450 [c00000001d98fb30] [c000000004032a20] pSeries_smp_probe+0x5c/0x118 [c00000001d98fb60] [c000000004018b44] smp_prepare_cpus+0x944/0x9ac [c00000001d98fc90] [c000000004009f9c] kernel_init_freeable+0x2d4/0x640 [c00000001d98fd90] [c0000000000131e8] kernel_init+0x28/0x1d0 [c00000001d98fe10] [c00000000000cd54] ret_from_kernel_thread+0x5c/0x64 Allocated by task 0: kasan_save_stack+0x34/0x70 __kasan_kmalloc+0xb4/0xf0 __kmalloc+0x268/0x540 xive_spapr_init+0x4d0/0x77c pseries_init_irq+0x40/0x27c init_IRQ+0x44/0x84 start_kernel+0x2a4/0x538 start_here_common+0x1c/0x20 The buggy address belongs to the object at c00000001d1d0118 which belongs to the cache kmalloc-8 of size 8 The buggy address is located 0 bytes inside of 8-byte region [c00000001d1d0118, c00000001d1d0120) The buggy address belongs to the physical page: page:c00c000000074740 refcount:1 mapcount:0 mapping:0000000000000000 index:0xc00000001d1d0558 pfn:0x1d1d flags: 0x7ffff000000200(slab|node=0|zone=0|lastcpupid=0x7ffff) raw: 007ffff000000200 c00000001d0003c8 c00000001d0003c8 c00000001d010480 raw: c00000001d1d0558 0000000001e1000a 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: c00000001d1d0000: fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc c00000001d1d0080: fc fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc >c00000001d1d0100: fc fc fc 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ c00000001d1d0180: fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc fc c00000001d1d0200: fc fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc This happens because the allocation uses the wrong unit (bits) when it should pass (BITS_TO_LONGS(count) * sizeof(long)) or equivalent. With small numbers of bits, the allocated object can be smaller than sizeof(long), which results in invalid accesses. Use bitmap_zalloc() to allocate and initialize the irq bitmap, paired with bitmap_free() for consistency.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-36386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.27%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 19:20
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-49740
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.37%
||
7 Day CHG-0.01%
Published-27 Mar, 2025 | 16:42
Updated-04 May, 2025 | 08:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count value of channel specifications provided by the device is greater than the length of 'list->element[]', decided by the size of the 'list' allocated with kzalloc(). The patch adds checks that make the functions free the buffer and return -EINVAL if that is the case. Note that the negative return is handled by the caller, brcmf_setup_wiphybands() or brcmf_cfg80211_attach(). Found by a modified version of syzkaller. Crash Report from brcmf_construct_chaninfo(): ================================================================== BUG: KASAN: slab-out-of-bounds in brcmf_setup_wiphybands+0x1238/0x1430 Read of size 4 at addr ffff888115f24600 by task kworker/0:2/1896 CPU: 0 PID: 1896 Comm: kworker/0:2 Tainted: G W O 5.14.0+ #132 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Workqueue: usb_hub_wq hub_event Call Trace: dump_stack_lvl+0x57/0x7d print_address_description.constprop.0.cold+0x93/0x334 kasan_report.cold+0x83/0xdf brcmf_setup_wiphybands+0x1238/0x1430 brcmf_cfg80211_attach+0x2118/0x3fd0 brcmf_attach+0x389/0xd40 brcmf_usb_probe+0x12de/0x1690 usb_probe_interface+0x25f/0x710 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_set_configuration+0x984/0x1770 usb_generic_driver_probe+0x69/0x90 usb_probe_device+0x9c/0x220 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_new_device.cold+0x463/0xf66 hub_event+0x10d5/0x3330 process_one_work+0x873/0x13e0 worker_thread+0x8b/0xd10 kthread+0x379/0x450 ret_from_fork+0x1f/0x30 Allocated by task 1896: kasan_save_stack+0x1b/0x40 __kasan_kmalloc+0x7c/0x90 kmem_cache_alloc_trace+0x19e/0x330 brcmf_setup_wiphybands+0x290/0x1430 brcmf_cfg80211_attach+0x2118/0x3fd0 brcmf_attach+0x389/0xd40 brcmf_usb_probe+0x12de/0x1690 usb_probe_interface+0x25f/0x710 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_set_configuration+0x984/0x1770 usb_generic_driver_probe+0x69/0x90 usb_probe_device+0x9c/0x220 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_new_device.cold+0x463/0xf66 hub_event+0x10d5/0x3330 process_one_work+0x873/0x13e0 worker_thread+0x8b/0xd10 kthread+0x379/0x450 ret_from_fork+0x1f/0x30 The buggy address belongs to the object at ffff888115f24000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 1536 bytes inside of 2048-byte region [ffff888115f24000, ffff888115f24800) Memory state around the buggy address: ffff888115f24500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888115f24580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff888115f24600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff888115f24680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888115f24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== Crash Report from brcmf_enable_bw40_2g(): ========== ---truncated---

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48866
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.22%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 12:25
Updated-04 May, 2025 | 08:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts

In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints. Code should not blindly access usb_host_interface::endpoint array, since it may contain less endpoints than code expects. Fix it by adding missing validaion check and print an error if number of endpoints do not match expected number

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48999
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.15% / 36.88%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 20:06
Updated-04 May, 2025 | 08:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference

In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference Gwangun Jung reported a slab-out-of-bounds access in fib_nh_match: fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961 fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753 inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874 Separate nexthop objects are mutually exclusive with the legacy multipath spec. Fix fib_nh_match to return if the config for the to be deleted route contains a multipath spec while the fib_info is using a nexthop object.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48701
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.64%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 15:12
Updated-04 May, 2025 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of it's interfaces less than 4, an out-of-bounds read bug occurs when parsing the interface descriptor for this device. Fix this by checking the number of interfaces.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48966
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 20:05
Updated-04 May, 2025 | 08:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: mvneta: Prevent out of bounds read in mvneta_config_rss()

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkeding to ensure that it is not beyond the end of the cpu bitmap.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48739
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.04% / 9.50%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 11:13
Updated-04 May, 2025 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASoC: hdmi-codec: Fix OOB memory accesses

In the Linux kernel, the following vulnerability has been resolved: ASoC: hdmi-codec: Fix OOB memory accesses Correct size of iec_status array by changing it to the size of status array of the struct snd_aes_iec958. This fixes out-of-bounds slab read accesses made by memcpy() of the hdmi-codec driver. This problem is reported by KASAN.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-49032
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 20:06
Updated-04 May, 2025 | 08:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw

In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call Trace: afe4404_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4404_channel_leds+0x18/0xffffffffffffe9c0 This issue can be reproduce by singe command: $ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw The array size of afe4404_channel_leds and afe4404_channel_offdacs are less than channels, so access with chan->address cause OOB read in afe4404_[read|write]_raw. Fix it by moving access before use them.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-49218
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 01:55
Updated-04 May, 2025 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm/dp: Fix OOB read when handling Post Cursor2 register

In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register The link_status array was not large enough to read the Adjust Request Post Cursor2 register, so remove the common helper function to avoid an OOB read, found with a -Warray-bounds build: drivers/gpu/drm/drm_dp_helper.c: In function 'drm_dp_get_adjust_request_post_cursor': drivers/gpu/drm/drm_dp_helper.c:59:27: error: array subscript 10 is outside array bounds of 'const u8[6]' {aka 'const unsigned char[6]'} [-Werror=array-bounds] 59 | return link_status[r - DP_LANE0_1_STATUS]; | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/drm_dp_helper.c:147:51: note: while referencing 'link_status' 147 | u8 drm_dp_get_adjust_request_post_cursor(const u8 link_status[DP_LINK_STATUS_SIZE], | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Replace the only user of the helper with an open-coded fetch and decode, similar to drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-26593
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.57%
||
7 Day CHG-0.00%
Published-23 Feb, 2024 | 09:09
Updated-04 May, 2025 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
i2c: i801: Fix block process call transactions

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once again before reading the incoming data from the buffer. The driver is currently missing the second reset, causing the wrong portion of the block buffer to be read.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-49395
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.55%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 02:11
Updated-04 May, 2025 | 08:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
um: Fix out-of-bounds read in LDT setup

In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes. ================================================================== BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0 Read of size 128 at addr 000000006411f6f0 by task swapper/1 CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18 Call Trace: show_stack.cold+0x166/0x2a7 __dump_stack+0x3a/0x43 dump_stack_lvl+0x1f/0x27 print_report.cold+0xdb/0xf81 kasan_report+0x119/0x1f0 kasan_check_range+0x3a3/0x440 memcpy+0x52/0x140 syscall_stub_data+0x70/0xe0 write_ldt_entry+0xac/0x190 init_new_ldt+0x515/0x960 init_new_context+0x2c4/0x4d0 mm_init.constprop.0+0x5ed/0x760 mm_alloc+0x118/0x170 0x60033f48 do_one_initcall+0x1d7/0x860 0x60003e7b kernel_init+0x6e/0x3d4 new_thread_handler+0x1e7/0x2c0 The buggy address belongs to stack of task swapper/1 and is located at offset 64 in frame: init_new_ldt+0x0/0x960 This frame has 2 objects: [32, 40) 'addr' [64, 80) 'desc' ==================================================================

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found