CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-20653
https://notcve.org/view.php?id=CVE-2025-20653
03 Mar 2025 — In da, there is a possible out of bounds read due to an integer overflow. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52559 – drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
https://notcve.org/view.php?id=CVE-2024-52559
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32 values that come from the user via the submit_lookup_cmds() function. This addition could lead to an integer wrapping bug so use size_add() to prevent that. This addition could lead to an integer wrapping bug so use size_add() to prevent that. Patchwork: https://patchwork.freedes... • https://git.kernel.org/stable/c/198725337ef1f73b73e7dc953c6ffb0799f26ffe •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52557 – drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get()
https://notcve.org/view.php?id=CVE-2024-52557
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get() This patch fixes a potential integer overflow in the zynqmp_dp_rate_get() The issue comes up when the expression drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 is evaluated using 32-bit Now the constant is a compatible 64-bit type. Resolves coverity issues: CID 1636340 and CID 1635811 In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/28edaacb821c69241f6c0be6bbd29f7145f1b44f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58017 – printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
https://notcve.org/view.php?id=CVE-2024-58017
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefine... • https://git.kernel.org/stable/c/54c14022fa2ba427dc543455c2cf9225903a7174 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58010 – binfmt_flat: Fix integer overflow bug on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-58010
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. ... Otherwise on 32bit systems the calculation of "full_data" could be wrong. full_data = data_len + relocs * sizeof(unsigned long); In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32... • https://git.kernel.org/stable/c/c995ee28d29d6f256c3a8a6c4e66469554374f25 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-57973 – rdma/cxgb4: Prevent potential integer overflow on 32bit
https://notcve.org/view.php?id=CVE-2024-57973
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rdma/cxgb4: Prevent potential integer overflow on 32bit The "gl->tot_len" variable is controlled by the user. In the Linux kernel, the following vulnerability has been resolved: rdma/cxgb4: Prevent potential integer overflow on 32bit The "gl->tot_len" variable is controlled by the user. ... • https://git.kernel.org/stable/c/1cab775c3e75f1250c965feafd061d696df36e53 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57953 – rtc: tps6594: Fix integer overflow on 32bit systems
https://notcve.org/view.php?id=CVE-2024-57953
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594_rtc_set_offset() tmp = offset * TICKS_PER_HOUR; The "tmp" variable is an s64 but "offset" is a long in the (-277774)-277774 range. In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594_rtc_set_offset() tmp = offset * T... • https://git.kernel.org/stable/c/9f67c1e63976d3403f0b250b03ffe959c890f9db •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49728 – ipv6: Fix signed integer overflow in __ip6_append_data
https://notcve.org/view.php?id=CVE-2022-49728
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in __ip6_append_data Resurrect ubsan overflow checks and ubsan report this warning, fix it by change the variable [length] type to size_t. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in __ip6_append_data Resurrect ubsan overflow checks and ubsan report this warning, fix it by change the variable [length] type... • https://git.kernel.org/stable/c/84dc940890e91e42898e4443a093281702440abf •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49727 – ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
https://notcve.org/view.php?id=CVE-2022-49727
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg When len >= INT_MAX - transhdrlen, ulen = len + transhdrlen will be overflow. ... In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg When len >= INT_MAX - transhdrlen, ulen = len + transhdrlen will be overflow. • https://git.kernel.org/stable/c/2cf73c7cb6125083408d77f43d0e84d86aed0000 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49643 – ima: Fix a potential integer overflow in ima_appraise_measurement
https://notcve.org/view.php?id=CVE-2022-49643
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ima: Fix a potential integer overflow in ima_appraise_measurement When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be negative, which may cause the integer overflow problem. In the Linux kernel, the following vulnerability has been resolved: ima: Fix a potential integer overflow in ima_appraise_measurement When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may b... • https://git.kernel.org/stable/c/39b07096364a42c516415d5f841069e885234e61 •