Vulnerabilities > Improper Validation of Array Index

DATE CVE VULNERABILITY TITLE RISK
2025-04-07 CVE-2025-21423 Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
local
low complexity
CWE-129
7.8
2025-04-07 CVE-2025-21447 Memory corruption may occur while processing device IO control call for session control.
local
low complexity
CWE-129
7.8
2025-04-02 CVE-2025-21991 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't have a "first CPU". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds This does not have any security implications since flashing microcode is a privileged operation but I believe this has reliability implications by potentially corrupting memory while flashing a microcode update. When booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes a microcode update.
local
low complexity
linux CWE-129
7.8
2025-03-27 CVE-2023-52988 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center (linuxtesting.org) with SVACE.
local
low complexity
linux CWE-129
7.8
2025-03-20 CVE-2025-0313 Improper Validation of Array Index vulnerability in Ollama
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a GGUF model that can cause a denial of service (DoS) attack.
network
low complexity
ollama CWE-129
7.5
2025-03-03 CVE-2024-49836 Improper Validation of Array Index vulnerability in Qualcomm products
Memory corruption may occur during the synchronization of the camera`s frame processing pipeline.
local
low complexity
qualcomm CWE-129
7.8
2025-03-03 CVE-2024-53014 Improper Validation of Array Index vulnerability in Qualcomm products
Memory corruption may occur while validating ports and channels in Audio driver.
local
low complexity
qualcomm CWE-129
7.8
2025-02-27 CVE-2024-57996 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1.
local
low complexity
linux CWE-129
5.5
2025-02-26 CVE-2022-49471 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check mac_id to avoid out-of-bounds Somehow, hardware reports incorrect mac_id and pollute memory.
local
low complexity
linux CWE-129
7.8
2025-02-26 CVE-2022-49478 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Syzbot reported that -1 is used as array index.
local
low complexity
linux CWE-129
7.8