CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5256 – Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5256
Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before reading from memory. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before reading from memory. • https://www.zerodayinitiative.com/advisories/ZDI-24-542 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-1298 – Integer Overflow caused by divide by zero during S3 suspension
https://notcve.org/view.php?id=CVE-2024-1298
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. EDK2 contiene una vulnerabilidad cuando se activa la suspensión de S3 donde un atacante puede causar una división por cero debido a un desbordamiento de UNIT32 a través del acceso local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérdida de disponibilidad. A divide-by-zero vulnerability was found in edk2. • https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7NUL7NSZQ76A5OKDUCODQNY7WSX4SST https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIMEZWDKEIQKU7NMHKL57DOCITPGEXYN https://access.redhat.com/security/cve/CVE-2024-1298 https://bugzilla.redhat.com/show_bug.cgi?id=2284243 • CWE-369: Divide By Zero •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36917 – block: fix overflow in blk_ioctl_discard()
https://notcve.org/view.php?id=CVE-2024-36917
In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000; Add the overflow validation now. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: corrige el desbordamiento en blk_ioctl_discard() No hay verificación de desbordamiento de 'start + len' en blk_ioctl_discard(). La tarea bloqueada ocurre si envía un ioctl de descarte con el siguiente parámetro: start = 0x80000000000ff000, len = 0x8000000000fff000; Agregue la validación de desbordamiento ahora. • https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6 https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa https://git.kernel.org/stable/c/6c9915fa9410cbb9bd75ee283c03120046c56d3d https://access.redhat.com/security/cve/CVE-2024-36917 https://bugzilla.redhat.com/show_bug.cgi?id=2284519 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-30212 – Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command
https://notcve.org/view.php?id=CVE-2024-30212
If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to write to this memory area. If RAM contains pointers, those can be - depending on the application - overwritten to return data from any other offset including Progam and Boot Flash. Si se inicia un comando SCSI READ(10) a través de USB utilizando el LBA más grande (0xFFFFFFFF) con su tamaño de bloque predeterminado de 512 y un recuento de 1, los primeros 512 bytes del área de memoria 0x80000000 se devuelven al usuario. Si se aumenta el número de bloques, toda la RAM puede quedar expuesta. • https://github.com/Fehr-GmbH/blackleak https://github.com/Microchip-MPLAB-Harmony/core/blob/master/release_notes.md https://github.com/Microchip-MPLAB-Harmony/core/commit/d4608a4f1a140bd899cd4337cdbfb343a4339216 • CWE-190: Integer Overflow or Wraparound •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52857 – drm/mediatek: Fix coverity issue with unintentional integer overflow
https://notcve.org/view.php?id=CVE-2023-52857
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow 1. • https://git.kernel.org/stable/c/1a64a7aff8da352c9419de3d5c34343682916411 https://git.kernel.org/stable/c/73e81f7219aa582d8e55a7b6552f607a8e5a9724 https://git.kernel.org/stable/c/0d8a1df39d3fc34560e2cc663b5c340d06a25396 https://git.kernel.org/stable/c/96312a251d4dcee5d36e32edba3002bfde0ddd9c https://git.kernel.org/stable/c/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7 •