CVSS: 6.7EPSS: 0%CPEs: 16EXPL: 0CVE-2024-45780 – Grub2: fs/tar: integer overflow causes heap oob write
https://notcve.org/view.php?id=CVE-2024-45780
03 Mar 2025 — However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. • https://access.redhat.com/security/cve/CVE-2024-45780 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 16EXPL: 0CVE-2025-1125 – Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-1125
03 Mar 2025 — When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. • https://access.redhat.com/security/cve/CVE-2025-1125 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2024-53025 – Integer Overflow or Wraparound in BT Controller
https://notcve.org/view.php?id=CVE-2024-53025
03 Mar 2025 — Transient DOS can occur while processing UCI command. • https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-20653
https://notcve.org/view.php?id=CVE-2025-20653
03 Mar 2025 — In da, there is a possible out of bounds read due to an integer overflow. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52559 – drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
https://notcve.org/view.php?id=CVE-2024-52559
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32 values that come from the user via the submit_lookup_cmds() function. This addition could lead to an integer wrapping bug so use size_add() to prevent that. This addition could lead to an integer wrapping bug so use size_add() to prevent that. Patchwork: https://patchwork.freedes... • https://git.kernel.org/stable/c/198725337ef1f73b73e7dc953c6ffb0799f26ffe •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52557 – drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get()
https://notcve.org/view.php?id=CVE-2024-52557
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get() This patch fixes a potential integer overflow in the zynqmp_dp_rate_get() The issue comes up when the expression drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 is evaluated using 32-bit Now the constant is a compatible 64-bit type. Resolves coverity issues: CID 1636340 and CID 1635811 In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/28edaacb821c69241f6c0be6bbd29f7145f1b44f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58017 – printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
https://notcve.org/view.php?id=CVE-2024-58017
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefine... • https://git.kernel.org/stable/c/54c14022fa2ba427dc543455c2cf9225903a7174 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58010 – binfmt_flat: Fix integer overflow bug on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-58010
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. ... Otherwise on 32bit systems the calculation of "full_data" could be wrong. full_data = data_len + relocs * sizeof(unsigned long); In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32... • https://git.kernel.org/stable/c/c995ee28d29d6f256c3a8a6c4e66469554374f25 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-57973 – rdma/cxgb4: Prevent potential integer overflow on 32bit
https://notcve.org/view.php?id=CVE-2024-57973
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rdma/cxgb4: Prevent potential integer overflow on 32bit The "gl->tot_len" variable is controlled by the user. In the Linux kernel, the following vulnerability has been resolved: rdma/cxgb4: Prevent potential integer overflow on 32bit The "gl->tot_len" variable is controlled by the user. ... • https://git.kernel.org/stable/c/1cab775c3e75f1250c965feafd061d696df36e53 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57953 – rtc: tps6594: Fix integer overflow on 32bit systems
https://notcve.org/view.php?id=CVE-2024-57953
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594_rtc_set_offset() tmp = offset * TICKS_PER_HOUR; The "tmp" variable is an s64 but "offset" is a long in the (-277774)-277774 range. In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594_rtc_set_offset() tmp = offset * T... • https://git.kernel.org/stable/c/9f67c1e63976d3403f0b250b03ffe959c890f9db •