Vulnerabilities > Improper Validation of Array Index
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-26 | CVE-2022-49548 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: bpf: Fix potential array overflow in bpf_trampoline_get_progs() The cnt value in the 'cnt >= BPF_MAX_TRAMP_PROGS' check does not include BPF_TRAMP_MODIFY_RETURN bpf programs, so the number of the attached BPF_TRAMP_MODIFY_RETURN bpf programs in a trampoline can exceed BPF_MAX_TRAMP_PROGS. When this happens, the assignment '*progs++ = aux->prog' in bpf_trampoline_get_progs() will cause progs array overflow as the progs field in the bpf_tramp_progs struct can only hold at most BPF_MAX_TRAMP_PROGS bpf programs. | 7.8 |
| 2025-02-26 | CVE-2022-49720 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() This patch prevents that test nvme/004 triggers the following: UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9 index 512 is out of range for type 'long unsigned int [512]' Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e dump_stack+0x10/0x12 ubsan_epilogue+0x9/0x3b __ubsan_handle_out_of_bounds.cold+0x44/0x49 blk_mq_alloc_request_hctx+0x304/0x310 __nvme_submit_sync_cmd+0x70/0x200 [nvme_core] nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics] nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop] nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop] nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics] nvmf_dev_write+0xae/0x111 [nvme_fabrics] vfs_write+0x144/0x560 ksys_write+0xb7/0x140 __x64_sys_write+0x42/0x50 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae | 7.8 |
| 2025-02-26 | CVE-2022-49186 | Improper Validation of Array Index vulnerability in Linux Kernel 5.17/5.17.1/5.17.2 In the Linux kernel, the following vulnerability has been resolved: clk: visconti: prevent array overflow in visconti_clk_register_gates() This code was using -1 to represent that there was no reset function. Unfortunately, the -1 was stored in u8 so the if (clks[i].rs_id >= 0) condition was always true. | 7.8 |
| 2025-02-10 | CVE-2025-21692 | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <[email protected]> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0. | 7.8 |
| 2025-02-03 | CVE-2024-45569 | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption while parsing the ML IE due to invalid frame content. | 9.8 |
| 2025-02-03 | CVE-2024-45582 | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption while validating number of devices in Camera kernel . | 7.8 |
| 2025-02-03 | CVE-2024-49832 | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption in Camera due to unusually high number of nodes passed to AXI port. | 7.8 |
| 2025-02-03 | CVE-2024-49833 | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption can occur in the camera when an invalid CID is used. | 7.8 |
| 2025-02-03 | CVE-2024-49834 | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption while power-up or power-down sequence of the camera sensor. | 7.8 |
| 2025-02-03 | CVE-2024-49837 | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption while reading CPU state data during guest VM suspend. | 7.8 |