Vulnerabilities > Improper Validation of Array Index
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-22 | CVE-2025-48075 | Improper Validation of Array Index vulnerability in Gofiber Fiber Fiber is an Express-inspired web framework written in Go. | 7.5 |
| 2025-05-06 | CVE-2024-45574 | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption during array access in Camera kernel due to invalid index from invalid command data. | 7.8 |
| 2025-05-06 | CVE-2024-45576 | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption while prociesing command buffer buffer in OPE module. | 7.8 |
| 2025-05-06 | CVE-2024-45578 | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption while acquire and update IOCTLs during IFE output resource ID validation. | 7.8 |
| 2025-04-18 | CVE-2025-39728 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = nr_clks`. | 5.5 |
| 2025-04-18 | CVE-2025-40014 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ. Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode() | 7.8 |
| 2025-04-18 | CVE-2025-40114 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated by veml6075_read_int_time_index can range from 0 to 7, which could lead to out-of-bounds access. | 7.8 |
| 2025-04-16 | CVE-2025-22067 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() If requested_clk > 128, cdns_mrvl_xspi_setup_clock() iterates over the entire cdns_mrvl_xspi_clk_div_list array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, clamping the clock to the minimum 6.25 MHz. Fixes the following warning with an UBSAN kernel: vmlinux.o: warning: objtool: cdns_mrvl_xspi_setup_clock: unexpected end of section .text.cdns_mrvl_xspi_setup_clock | 7.8 |
| 2025-04-07 | CVE-2025-21423 | Memory corruption occurs when handling client calls to EnableTestMode through an Escape call. | 7.8 |
| 2025-04-07 | CVE-2025-21447 | Memory corruption may occur while processing device IO control call for session control. | 7.8 |