Vulnerabilities > Improper Validation of Array Index
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-27 | CVE-2020-36776 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreq_cooling: Fix slab OOB issue Slab OOB issue is scanned by KASAN in cpu_power_to_freq(). If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index. Return the lowest frequency if limited power cannot found a suitable OPP in EM table to fix this issue. Backtrace: [<ffffffd02d2a37f0>] die+0x104/0x5ac [<ffffffd02d2a5630>] bug_handler+0x64/0xd0 [<ffffffd02d288ce4>] brk_handler+0x160/0x258 [<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0 [<ffffffd02d284488>] el1_dbg+0x14/0xbc [<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0 [<ffffffd02d75c2e0>] kasan_report+0x10/0x20 [<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28 [<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c [<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4 [<ffffffd02e6fac24>] allocate_power+0xaec/0xde0 [<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4 [<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294 [<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154 [<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28 [<ffffffd02d352f44>] worker_thread+0xa4c/0xfac [<ffffffd02d360124>] kthread+0x33c/0x358 [<ffffffd02d289940>] ret_from_fork+0xc/0x18 | 5.5 |
| 2024-02-22 | CVE-2023-52451 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. | 7.8 |
| 2024-02-07 | CVE-2024-24563 | Improper Validation of Array Index vulnerability in Vyperlang Vyper Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. | 9.8 |
| 2024-02-06 | CVE-2023-43535 | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger. | 7.8 |
| 2024-01-08 | CVE-2023-35994 | Improper Validation of Array Index vulnerability in Tonybybell Gtkwave 3.3.115 Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. | 7.8 |
| 2024-01-08 | CVE-2023-35995 | Improper Validation of Array Index vulnerability in Tonybybell Gtkwave 3.3.115 Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. | 7.8 |
| 2024-01-08 | CVE-2023-35996 | Improper Validation of Array Index vulnerability in Tonybybell Gtkwave 3.3.115 Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. | 7.8 |
| 2024-01-08 | CVE-2023-35997 | Improper Validation of Array Index vulnerability in Tonybybell Gtkwave 3.3.115 Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. | 7.8 |
| 2024-01-08 | CVE-2023-39234 | Improper Validation of Array Index vulnerability in Tonybybell Gtkwave 3.3.115 Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. | 7.8 |
| 2024-01-08 | CVE-2023-39235 | Improper Validation of Array Index vulnerability in Tonybybell Gtkwave 3.3.115 Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. | 7.8 |