Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-48065

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-27 May, 2026 | 19:58
Updated At-28 May, 2026 | 13:44
Rejected At-
Credits

pam_usb: Unchecked integer multiplication before xmalloc() in conf.c allows heap-based buffer overflow on 32-bit targets

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit targets (armv7l, i686 -- both listed in the project Makefile), the multiplication n_devices * sizeof(t_pusb_device) wraps around size_t, causing xmalloc() to receive a very small size. Because xmalloc() only calls abort() on NULL return, a small-but-non-NULL allocation is accepted, and subsequent array writes overflow the heap. This vulnerability is fixed in 0.9.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:27 May, 2026 | 19:58
Updated At:28 May, 2026 | 13:44
Rejected At:
▼CVE Numbering Authority (CNA)
pam_usb: Unchecked integer multiplication before xmalloc() in conf.c allows heap-based buffer overflow on 32-bit targets

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit targets (armv7l, i686 -- both listed in the project Makefile), the multiplication n_devices * sizeof(t_pusb_device) wraps around size_t, causing xmalloc() to receive a very small size. Because xmalloc() only calls abort() on NULL return, a small-but-non-NULL allocation is accepted, and subsequent array writes overflow the heap. This vulnerability is fixed in 0.9.1.

Affected Products
Vendor
mcdope
Product
pam_usb
Versions
Affected
  • < 0.9.1
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
CWECWE-190CWE-190: Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-190
Description: CWE-190: Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/mcdope/pam_usb/security/advisories/GHSA-24mw-m2vf-36vp
x_refsource_CONFIRM
https://github.com/mcdope/pam_usb/issues/352
x_refsource_MISC
https://github.com/mcdope/pam_usb/issues/55
x_refsource_MISC
Hyperlink: https://github.com/mcdope/pam_usb/security/advisories/GHSA-24mw-m2vf-36vp
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/mcdope/pam_usb/issues/352
Resource:
x_refsource_MISC
Hyperlink: https://github.com/mcdope/pam_usb/issues/55
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:27 May, 2026 | 20:16
Updated At:28 May, 2026 | 13:57

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit targets (armv7l, i686 -- both listed in the project Makefile), the multiplication n_devices * sizeof(t_pusb_device) wraps around size_t, causing xmalloc() to receive a very small size. Because xmalloc() only calls abort() on NULL return, a small-but-non-NULL allocation is accepted, and subsequent array writes overflow the heap. This vulnerability is fixed in 0.9.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-122Primarysecurity-advisories@github.com
CWE-190Primarysecurity-advisories@github.com
CWE ID: CWE-122
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-190
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/mcdope/pam_usb/issues/352security-advisories@github.com
N/A
https://github.com/mcdope/pam_usb/issues/55security-advisories@github.com
N/A
https://github.com/mcdope/pam_usb/security/advisories/GHSA-24mw-m2vf-36vpsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/mcdope/pam_usb/issues/352
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/mcdope/pam_usb/issues/55
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/mcdope/pam_usb/security/advisories/GHSA-24mw-m2vf-36vp
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

72Records found
CVE-2021-0355
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.75%
||
7 Day CHG~0.00%
Published-02 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In kisd, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425581.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-0901
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.98%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 16:10
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.

Action-Not Available
Vendor-n/aGoogle LLCMediaTek Inc.
Product-mt6873mt6893androidmt6885mt6875mt8797mt6889mt8791mt6877mt8195mt6891mt6883MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-20803
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.95%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:47
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6899androidmt8793mt6991MediaTek chipset
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-4949
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-8.1||HIGH
EPSS-0.04% / 12.75%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 16:57
Updated-03 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption Vulnerability in Grub-Legacy's XFS Implementation

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.

Action-Not Available
Vendor-Free Software FoundationGNUXen Project
Product-grubxenGrub-Legacy
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43545
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.51%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:05
Updated-27 Jan, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in WLAN HOST

Memory corruption when more scan frequency list or channels are sent from the user space.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6584au_firmwareqca6554aqcc2076_firmwareqca8337_firmwarewcd9335_firmwareqfw7124_firmwareqca6696_firmwareqcc710qca8081_firmwareqcc2073_firmwareqca6595au_firmwareqca6584auqcn6224_firmwareqfw7114_firmwareqca8081snapdragon_660_mobileqca6554a_firmwarewcn3990qca6564ausd660qcn6224snapdragon_x75_5g_modem-rfqcn6274_firmwareqfw7114fastconnect_7800wcn3990_firmwarear8035fastconnect_7800_firmwareqca6564au_firmwareqcc2073sd660_firmwarewcd9341_firmwarewcd9340qca6595_firmwareqca8337wcn3980_firmwareqcc710_firmwarear8035_firmwareqcn6274qfw7124qca6574aqca6595qca6574a_firmwareqcc2076wcd9341wcn3980qca6574auqca6574wcd9340_firmwarewcd9335qca6574_firmwareqca6696qca6595ausnapdragon_660_mobile_firmwareqca6574au_firmwaresnapdragon_x75_5g_modem-rf_firmwareSnapdragonqca6564au_firmwareqca8337_firmwareqca6584au_firmwareqcn6274_firmwarewcn3990_firmwareqca6696_firmwareqca6595_firmwarewcd9335_firmwareqfw7114_firmwareqcc2076_firmwareqca6554a_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcc2073_firmwareqca6574_firmwarewcd9340_firmwareqcc710_firmwareqcn6224_firmwaresnapdragon_660_mobile_platform_firmwareqca6574a_firmwaresd660_firmwarewcd9341_firmwarefastconnect_7800_firmwareqca6574au_firmwareqca6595au_firmwareqca8081_firmwarewcn3980_firmwareqfw7124_firmwarear8035_firmware
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-14344
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 36.81%
||
7 Day CHG~0.00%
Published-05 Aug, 2020 | 13:08
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

Action-Not Available
Vendor-The X11 ProjectFedora ProjectCanonical Ltd.X.Org FoundationopenSUSE
Product-libx11fedoraubuntu_linuxleaplibX11
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-11160
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.89%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Resource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qpm5579qfs2580qcs610qca8337qfs2530qln1030pm6125qat3519qbt2000_firmwarewcn3950_firmwarepm8150aqtc800hsdr8250_firmwareqca6595au_firmwareqpm5541_firmwarecsra6620_firmwarecsra6640_firmwarepmc1000hwtr5975_firmwaresdr425_firmwarewcn3998smr526_firmwarewcn3950pm640a_firmwareqsw8573_firmwarewcn3660bwgr7640_firmwareqsw8574_firmwaresd460_firmwareqca4020smb2351_firmwareqca6574au_firmwareqpa4360_firmwarewcd9375_firmwarewcn3998_firmwareqbt2000pm855pqca6420wcn3999pm8150bsa8155_firmwaresd662_firmwareqcs405qca6430qat3522wcd9340qualcomm215_firmwareqca4020_firmwaresdr660wcn6851sa6155pqpa6560sdr865wcd9341qca6696_firmwareqet4100_firmwarepmm855au_firmwaresd_8cxsd855_firmwaresd865_5g_firmwarewcn3988wtr3925pm640p_firmwaresmb1390pm6150lpm855l_firmwareqet4100wcn3610qtc410sqca8337_firmwaresda429w_firmwarewcd9380_firmwaresmb1355sdm429wwgr7640qca6564aupm8150l_firmwareqtm527_firmwaresdx55m_firmwareqpa8673_firmwarepm6150qet4101_firmwaresmb1354_firmwareqca6574pmm8996auwcd9380smb1355_firmwaresmb1351_firmwarepmd9655_firmwarequalcomm215qcs410qpm5579_firmwaresmb1381pm855p_firmwareqca9379_firmwaresmr526wtr5975qca6430_firmwarewcd9335_firmwareqtc801s_firmwarewcn3980qat3522_firmwareqdm2301qsw8573wcd9340_firmwarewsa8815wcn6850qpm6375qdm2301_firmwaremdm9650_firmwaresd_8c_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680pm8009wcn3980_firmwaresdx55mpm8008qtm525_firmwareqsw8574ar8031_firmwarewcn3680_firmwarepm855lwcn6851_firmwareqpa6560_firmwarepm8150b_firmwarepmc1000h_firmwareqca6564a_firmwarepm8009_firmwareqfs2580_firmwarepm8150lqcs610_firmwarepm855_firmwaresa6145ppm215qdm2302pmm6155aupm855b_firmwareapq8096auar8031qcs405_firmwareqpm5577qpm6375_firmwarewtr2965pm640l_firmwareqca6391_firmwarepm8150wcd9370_firmwaresdx55sa8155pcsra6640sd675qet4101qat3555_firmwareqca9379pm855bsmb2351ar8035_firmwarepmm8155au_firmwareqpm6325pm6125_firmwareqbt1500pmi632mdm9650csra6620qbt1500_firmwarepmm855auqca6420_firmwareqca6390_firmwarewcd9370sd675_firmwareqpa4361_firmwaresdr425pmr525_firmwareqca6426qca6584au_firmwarepmi632_firmwaresd_8cx_firmwarewcd9385_firmwareqpm5541wcd9326_firmwarewcn3615_firmwaresd662pmk8002_firmwarepm3003aqsw6310_firmwaresa8155wcn3680b_firmwaresdx55_firmwarepmm6155au_firmwareqca6595auwcn3615wcn3999_firmwarewcn3610_firmwaresmb1354qca6564au_firmwareqca6584ausa6155p_firmwarepm855pm8250qfs2530_firmwarewcn3988_firmwarepmx55sa6145p_firmwarepm8150c_firmwareqat3519_firmwarewsa8810_firmwarewcd9326wcd9335qca6174a_firmwaresdr8150_firmwarewcd9385qpm6325_firmwareqtc800h_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auar8035qca6390wcd9375aqt1000qpa8673sda429wwcn3620_firmwarewsa8815_firmwarewcn6850_firmwaresmr525_firmwarewcn3620wtr3925_firmwareqca6564apmx55_firmwareqtm527sd865_5gpm8150_firmwarepmm8996au_firmwaresdm429w_firmwarepm8150csd665_firmwareqpa4360sdr660_firmwareqca6574aqpa4361qpm5577_firmwarepm8916_firmwaresmb1390_firmwareqca6174asmr525pm6150l_firmwarepmr525pm8150a_firmwareqtm525qca6574_firmwaresd855sd665pm6150_firmwarepm640pqca6574a_firmwaresdr865_firmwareqat3555pm8250_firmwaresd460qca6391smb1351aqt1000_firmwarepm215_firmwarewtr2965_firmwarepm640asdr8150pm8916qtc801spmd9655qca6574ausa8155p_firmwareqsw6310pm8008_firmwarewcd9341_firmwarewsa8810qtc410s_firmwareqat3550sd_8cwcn3680bsdr8250pm3003a_firmwareqln1030_firmwareqca6696smb1381_firmwarepm640lpmk8002apq8096au_firmwareqcs410_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-10722
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.14% / 33.32%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 18:04
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.

Action-Not Available
Vendor-dpdk[UNKNOWN]openSUSEOracle CorporationCanonical Ltd.Fedora Project
Product-ubuntu_linuxfedoradata_plane_development_kitcommunications_session_border_controllerenterprise_communications_brokerleapdpdk
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-10723
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.14% / 33.32%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 18:02
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.

Action-Not Available
Vendor-dpdk[UNKNOWN]openSUSEOracle CorporationCanonical Ltd.Fedora Project
Product-ubuntu_linuxfedoradata_plane_development_kitcommunications_session_border_controllerenterprise_communications_brokerleapdpdk
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-0309
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 15:04
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147227320

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-14309
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 14.24%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 12:49
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-grub2leapGrub
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-33038
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.01%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-14 Nov, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in Radio Interface Layer

Memory corruption while receiving a message in Bus Socket Transport Server.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresnapdragon_8_gen_1_mobile_platformsa6150p_firmwaresm6250p_firmwareqcs610315_5g_iot_modem_firmwareqca8337qca6431_firmwaresnapdragon_778g\+_5g_mobile_platformsnapdragon_870_5g_mobile_platform_firmwarewcd9360_firmwaresnapdragon_888_5g_mobile_platformwcn3950_firmwaresc8180x\+sdx55sa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155snapdragon_480_5g_mobile_platformsnapdragon_x70_modem-rf_systemcsra6620_firmwaresd_675_firmwarecsra6640_firmwaresnapdragon_460_mobile_platform_firmwareqcs6125_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcd9371_firmwarewcn3950qcn6024_firmwaresnapdragon_460_mobile_platformsd460_firmwaresm7315_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareqca8081_firmwaresa6155_firmwarewcd9375_firmwareqca6420wcd9360snapdragon_782g_mobile_platform_firmwaresnapdragon_auto_5g_modem-rf_firmwaresmart_audio_400_platform_firmwareqca6698aqqcs6125sa8155_firmwaresd662_firmwaresnapdragon_765g_5g_mobile_platformqca6430snapdragon_678_mobile_platform_firmwaresnapdragon_8\+_gen_1_mobile_platformsnapdragon_720g_mobile_platformsnapdragon_8cx_compute_platformwcd9340snapdragon_780g_5g_mobile_platformsw5100qca6436sa6155psnapdragon_765_5g_mobile_platform_firmwareqca6698aq_firmwaresnapdragon_690_5g_mobile_platformwcd9341qca6431qca6696_firmwarewcd9371wcn3910_firmwaresnapdragon_855_mobile_platform_firmwaresa8150pwsa8830_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988snapdragon_780g_5g_mobile_platform_firmwaresnapdragon_685_4g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwaresnapdragon_7c_gen_2_compute_platform_firmwaresnapdragon_730_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_675_mobile_platform_firmwareqca8337_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresw5100psnapdragon_8cx_gen_2_5g_compute_platformsnapdragon_w5\+_gen_1_wearable_platformqca6564ausnapdragon_7c\+_gen_3_computewcd9380snapdragon_782g_mobile_platformfastconnect_6700qcs410qca6430_firmwarewcd9335_firmwarewcn3980snapdragon_732g_mobile_platform_firmwareqcm4325_firmwarewcd9340_firmwarewsa8815wcn3910snapdragon_865\+_5g_mobile_platformsnapdragon_4_gen_1_mobile_platformqca6426_firmwaresm4450qcn9024wcn3980_firmwaresd730snapdragon_x50_5g_modem-rf_system_firmwareqca6421_firmwarewcn6740_firmwaresnapdragon_8cx_compute_platform_firmwareqcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemfastconnect_6900fastconnect_6900_firmwareqcn9024_firmwaresdx57mqcm4290_firmwaresnapdragon_x24_lte_modemwsa8832sw5100p_firmwareqcs610_firmwaresa6145psnapdragon_730_mobile_platformqcs4490sa8145psnapdragon_750g_5g_mobile_platformsnapdragon_888\+_5g_mobile_platform_firmwareqca6391_firmwarewcd9370_firmwaresdx55sd888_firmwaresa8155pcsra6640sd675snapdragon_695_5g_mobile_platformsnapdragon_720g_mobile_platform_firmwaresnapdragon_855_mobile_platformar8035_firmwareqcm2290snapdragon_480\+_5g_mobile_platformsnapdragon_662_mobile_platform_firmwarewsa8830sa8145p_firmwareqcs2290_firmwaresnapdragon_x24_lte_modem_firmwarecsrb31024snapdragon_865_5g_mobile_platformcsra6620qcs4290snapdragon_888_5g_mobile_platform_firmwareqca6420_firmwaresd730_firmwaresnapdragon_auto_4g_modem_firmwarewcd9370sd675_firmwaresnapdragon_480\+_5g_mobile_platform_firmwareqca6426wcn3990_firmwareqca9377wcd9385_firmwarewcd9326_firmwarefastconnect_6200snapdragon_7c_gen_2_compute_platformsd662sa8155snapdragon_x55_5g_modem-rf_systemsdx55_firmwaresnapdragon_778g_5g_mobile_platformqca6595ausm7250p_firmwareqca6436_firmwaresnapdragon_680_4g_mobile_platform_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_870_5g_mobile_platformsnapdragon_x70_modem-rf_system_firmwareqcs6490qcs8550_firmwarewcn3988_firmware315_5g_iot_modemsa6145p_firmwareqca6421sm6250fastconnect_6700_firmwaresa8195pwsa8810_firmwarewcd9326wcd9335sg4150pqca8081qcm4490snapdragon_888\+_5g_mobile_platformqca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresnapdragon_665_mobile_platform_firmwarear8035wcd9375aqt1000sc8180x\+sdx55_firmwaresm6250_firmwaresnapdragon_662_mobile_platformsnapdragon_685_4g_mobile_platformsnapdragon_768g_5g_mobile_platform_firmwareqcm6490wsa8815_firmwarewsa8835_firmwaresg4150p_firmwareqcm6125_firmwareqcm4325qcm2290_firmwaresnapdragon_855\+\/860_mobile_platform_firmwarewcn3990sd_675sd865_5gfastconnect_6800snapdragon_8c_compute_platformsd888wsa8835snapdragon_auto_5g_modem-rfsm6250psnapdragon_678_mobile_platformsnapdragon_855\+\/860_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwaresxr2130qca6574asmart_audio_400_platformqca6174asm7325psd855sm7325p_firmwaresdx57m_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_665_mobile_platformsnapdragon_730g_mobile_platformsm7315sd460qca6391snapdragon_x55_5g_modem-rf_system_firmwarefastconnect_7800aqt1000_firmwaresnapdragon_7c_compute_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_auto_4g_modemqcm4290csrb31024_firmwareqcm6490_firmwarewsa8832_firmwareqca6574ausa8155p_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm6125wsa8810snapdragon_765g_5g_mobile_platform_firmwaresnapdragon_730g_mobile_platform_firmwaresnapdragon_680_4g_mobile_platformsnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_8c_compute_platform_firmwaresnapdragon_675_mobile_platformwcn6740qca6696snapdragon_732g_mobile_platformqcs8550sa6150psnapdragon_x50_5g_modem-rf_systemsnapdragon_768g_5g_mobile_platformqcn6024snapdragon_765_5g_mobile_platformsm7250psnapdragon_8\+_gen_1_mobile_platform_firmwaresw5100_firmwareqcs410_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_firmwaresnapdragon_7c_compute_platformSnapdragon
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32823
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.19%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-23 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912966.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8765mt6833mt6580mt6885mt8788mt6983mt8666mt6877mt6762mt6781mt6765mt6891mt6883mt6853mt6895mt6853tmt6789mt6739androidmt6769mt6761mt6875mt6889mt6768mt6779mt6785mt6879MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, MT8788mt6855mt6985mt6873mt6893mt8765mt6833mt6580mt6885mt8788mt6983mt8666mt6877mt6762mt6781mt6765mt6891mt6883mt6853mt6895mt6853tmt6789mt6739mt6769mt6761mt6875mt6889mt6768mt6779mt6785mt6879
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-32461
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-0.07% / 20.46%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 06:56
Updated-25 Sep, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.  

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r7515poweredge_r7615_firmwarepoweredge_r250poweredge_t560_firmwarepoweredge_r6515_firmwareemc_xc_core_xc6520_firmwarepoweredge_hs5610_firmwarepoweredge_xr4510c_firmwarepoweredge_xr12poweredge_r7515_firmwarepoweredge_xr8620t_firmwareemc_xc_core_xc450_firmwarepoweredge_r760xa_firmwarepoweredge_xr8620tpoweredge_mx750c_firmwarepoweredge_r750poweredge_r650_firmwareemc_xc_core_xc650_firmwarepoweredge_xe8640poweredge_c6520_firmwarepoweredge_xe9680poweredge_r550_firmwareemc_xc_core_xc750_firmwarepoweredge_t150_firmwarepoweredge_r760xd2_firmwarepoweredge_r250_firmwarepoweredge_r760_firmwarepoweredge_r550poweredge_r350_firmwarepoweredge_r750_firmwarepoweredge_xr4510cpoweredge_r660_firmwarepoweredge_c6525_firmwarepoweredge_c6525emc_xc_core_xc650poweredge_r6625_firmwarepoweredge_r750xspoweredge_t550_firmwarepoweredge_xr7620_firmwarepoweredge_r660poweredge_xr11_firmwarepoweredge_t350poweredge_r860poweredge_r650poweredge_r650xs_firmwarepoweredge_xr11poweredge_xr12_firmwarepoweredge_c6620poweredge_xr4520cpoweredge_r7625_firmwarepoweredge_r760xaemc_xc_core_xc7525_firmwarepoweredge_t560poweredge_t150poweredge_xe9680_firmwarepoweredge_r650xspoweredge_xr7620poweredge_xr5610_firmwarepoweredge_xr4520c_firmwarepoweredge_r7525_firmwarepoweredge_c6620_firmwarepoweredge_mx760c_firmwarepoweredge_r660xspoweredge_r6525poweredge_xe8545_firmwarepoweredge_r7525poweredge_r6615_firmwareemc_xc_core_xc750xa_firmwarepoweredge_r6615poweredge_mx760cpoweredge_xe8545emc_xc_core_xc7525poweredge_r750xapoweredge_t550emc_xc_core_xc750poweredge_r660xs_firmwarepoweredge_hs5620poweredge_r760xs_firmwarepoweredge_r6515poweredge_r760emc_xc_core_xc450poweredge_r6525_firmwarepoweredge_mx750cemc_xc_core_xc750xapoweredge_r960poweredge_r350poweredge_r7625poweredge_r450_firmwarepoweredge_xe8640_firmwarepoweredge_r750xa_firmwarepoweredge_r960_firmwarepoweredge_r760xspoweredge_r7615poweredge_r760xd2poweredge_c6520poweredge_xr5610poweredge_r450poweredge_r750xs_firmwarepoweredge_hs5610poweredge_t350_firmwarepoweredge_r860_firmwarepoweredge_r6625poweredge_hs5620_firmwareemc_xc_core_xc6520PowerEdge Platform
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-30763
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.36%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 14:01
Updated-24 Jan, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-battery_life_diagnostic_toolsoc_watchoneapi_base_toolkitIntel(R) SoC Watch based software
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-27372
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.34%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 18:37
Updated-27 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead to a heap overwrite.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380exynos_850_firmwareexynos_980_firmwareexynos_1330_firmwareexynos_1330exynos_1280_firmwareexynos_1380_firmwareexynos_1280exynos_980exynos_850n/aexynos_850_firmwareexynos_980_firmwareexynos_1330_firmwareexynos_1280_firmwareexynos_1380_firmware
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-26171
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.26% / 49.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-20025
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.84%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 02:43
Updated-22 Apr, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS08541686.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6763mt8195mt8185mt6885mt8791mt6768mt8395mt8789mt8321mt6771mt6873mt8796mt8678mt8768mt6833mt8365mt6739mt8797mt6761mt8666mt6757mt8175mt8766mt8167mt8798mt8168mt6785mt6877mt8765mt8786mt8385mt6779mt6893mt8362amt6765mt8673mt6853androidmt8788mt8791tmt8781mt8173MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8678, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798mt8175mt6873mt6893mt8765mt8395mt8788mt8791tmt8666mt8167mt6765mt6739mt6757mt8768mt8789mt6761mt8797mt8321mt6768mt8362amt8781mt8766mt8786mt8678mt6771mt8385mt6833mt6885mt8673mt6877mt8365mt8195mt6853mt8168mt8798mt8185mt8791mt6779mt8796mt6785mt6763mt8173
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-39736
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 3.07%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995773References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-39719
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 3.07%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995178References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-9404
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.30%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:32
Updated-19 Dec, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-21555
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 18.76%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • Next
Details not found