Vulnerabilities > Improper Validation of Array Index

DATE CVE VULNERABILITY TITLE RISK
2024-12-02 CVE-2024-33044 Improper Validation of Array Index vulnerability in Qualcomm products
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
local
low complexity
qualcomm CWE-129
7.8
2024-11-19 CVE-2024-50291 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: add missing buffer index check dvb_vb2_expbuf() didn't check if the given buffer index was for a valid buffer.
local
low complexity
linux CWE-129
5.5
2024-11-07 CVE-2024-50161 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining info_cnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, it doesn't check the remaining info_cnt.
local
low complexity
linux CWE-129
5.5
2024-11-05 CVE-2024-51517 Improper Validation of Array Index vulnerability in Huawei Harmonyos 5.0.0
Vulnerability of improper memory access in the phone service module Impact: Successful exploitation of this vulnerability may affect availability.
local
low complexity
huawei CWE-129
5.5
2024-11-04 CVE-2024-33032 Improper Validation of Array Index vulnerability in Qualcomm products
Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
local
low complexity
qualcomm CWE-129
6.7
2024-10-21 CVE-2022-48967 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol().
local
low complexity
linux CWE-129
7.1
2024-10-21 CVE-2022-48979 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix array index out of bound error in DCN32 DML [Why&How] LinkCapacitySupport array is indexed with the number of voltage states and not the number of max DPPs.
local
low complexity
linux CWE-129
5.5
2024-10-21 CVE-2022-49022 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound access in ieee80211_get_rate_duration routine as reported by the following UBSAN report: UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47 index 15 is out of range for type 'u16 [12]' CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017 Workqueue: mt76 mt76u_tx_status_data [mt76_usb] Call Trace: <TASK> show_stack+0x4e/0x61 dump_stack_lvl+0x4a/0x6f dump_stack+0x10/0x18 ubsan_epilogue+0x9/0x43 __ubsan_handle_out_of_bounds.cold+0x42/0x47 ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211] ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211] ieee80211_calc_rx_airtime+0xda/0x120 [mac80211] ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211] mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib] mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib] mt76u_tx_status_data+0x67/0xd0 [mt76_usb] process_one_work+0x225/0x400 worker_thread+0x50/0x3e0 ? process_one_work+0x400/0x400 kthread+0xe9/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30
local
low complexity
linux CWE-129
7.8
2024-10-21 CVE-2024-50007 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware.
local
low complexity
linux CWE-129
7.8
2024-10-21 CVE-2024-49894 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in `cm_helper_translate_curve_to_degamma_hw_format` function.
local
low complexity
linux CWE-129
7.8