CVSS: 6.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-1298 – Integer Overflow caused by divide by zero during S3 suspension
https://notcve.org/view.php?id=CVE-2024-1298
30 May 2024 — EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. EDK2 contiene una vulnerabilidad cuando se activa la suspensión de S3 donde un atacante puede causar una división por cero debido a un desbordamiento de UNIT32 a través del acceso local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérdida de disponibilidad. A divi... • https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53 • CWE-369: Divide By Zero •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36917 – block: fix overflow in blk_ioctl_discard()
https://notcve.org/view.php?id=CVE-2024-36917
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000; Add the overflow validation now. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: corrige el desbordamiento en blk_ioctl_discard() No hay verificación de desbordamiento de 'start ... • https://git.kernel.org/stable/c/d30a2605be9d5132d95944916e8f578fcfe4f976 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36025 – scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
https://notcve.org/view.php?id=CVE-2024-36025
30 May 2024 — Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. • https://git.kernel.org/stable/c/7878f22a2e03b69baf792f74488962981a1c9547 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-36015 – ppdev: Add an error check in register_device
https://notcve.org/view.php?id=CVE-2024-36015
29 May 2024 — Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. • https://git.kernel.org/stable/c/9a69645dde1188723d80745c1bc6ee9af2cbe2a7 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-30212 – Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command
https://notcve.org/view.php?id=CVE-2024-30212
28 May 2024 — If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to write to this memory area. If RAM contains pointers, those can be - depending on the application - overwritten to return data from any other offset including Progam and Boot Flash. Si se inicia un comando SCSI READ... • https://github.com/Fehr-GmbH/blackleak • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6349 – Heap overflow in libvpx
https://notcve.org/view.php?id=CVE-2023-6349
27 May 2024 — Issues addressed include buffer overflow and integer overflow vulnerabilities. • https://crbug.com/webm/1642 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47501 – i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
https://notcve.org/view.php?id=CVE-2021-47501
24 May 2024 — Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. • https://git.kernel.org/stable/c/02e9c290814cc143ceccecb14eac3e7a05da745e • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52857 – drm/mediatek: Fix coverity issue with unintentional integer overflow
https://notcve.org/view.php?id=CVE-2023-52857
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow 1. ... In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow 1. • https://git.kernel.org/stable/c/1a64a7aff8da352c9419de3d5c34343682916411 •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52832 – wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
https://notcve.org/view.php?id=CVE-2023-52832
21 May 2024 — UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5 -2147483648 * 100 cannot be represented in type 'int' CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE Call Trace: dump_stack+0x74/0x92 ubsan_epilogue+0x9/0x50 handle_overflow+0x8d/0xd0 __ubsan_handle_mul_overflow+0xe/0x10 nl80211_send_iface+0x688/0x6b0 [cfg80211] [...] cfg80211_register_wdev+0x78/0xb0 [cfg80211] cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211] [...] ieee80211_if_add+0x60e/0x8f0 [mac80211] ieee80211_register_hw... • https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f • CWE-190: Integer Overflow or Wraparound CWE-920: Improper Restriction of Power Consumption •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52771 – cxl/port: Fix delete_endpoint() vs parent unregistration race
https://notcve.org/view.php?id=CVE-2023-52771
21 May 2024 — Issues addressed include denial of service, integer overflow, memory leak, and null pointer vulnerabilities. • https://git.kernel.org/stable/c/8dd2bc0f8e02d39bd80851ca787bcbdb7d495e69 • CWE-413: Improper Resource Locking •