Vulnerabilities > Out-of-bounds Read

DATE CVE VULNERABILITY TITLE RISK
2024-09-18 CVE-2024-31192 Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-125
7.5
2024-09-18 CVE-2024-31193 Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-125
7.5
2024-09-18 CVE-2024-31194 Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-125
7.5
2024-09-18 CVE-2024-31195 Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-125
7.5
2024-09-18 CVE-2024-31198 Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).
network
low complexity
opennetworking CWE-125
7.5
2024-09-18 CVE-2024-46743 Out-of-bounds Read vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: intspec=4 OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2 OF: -> addrsize=3 ================================================================== BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0 Read of size 4 at addr ffffff81beca5608 by task bash/764 CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1 Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023 Call trace: dump_backtrace+0xdc/0x130 show_stack+0x1c/0x30 dump_stack_lvl+0x6c/0x84 print_report+0x150/0x448 kasan_report+0x98/0x140 __asan_load4+0x78/0xa0 of_irq_parse_raw+0x2b8/0x8d0 of_irq_parse_one+0x24c/0x270 parse_interrupts+0xc0/0x120 of_fwnode_add_links+0x100/0x2d0 fw_devlink_parse_fwtree+0x64/0xc0 device_add+0xb38/0xc30 of_device_add+0x64/0x90 of_platform_device_create_pdata+0xd0/0x170 of_platform_bus_create+0x244/0x600 of_platform_notify+0x1b0/0x254 blocking_notifier_call_chain+0x9c/0xd0 __of_changeset_entry_notify+0x1b8/0x230 __of_changeset_apply_notify+0x54/0xe4 of_overlay_fdt_apply+0xc04/0xd94 ... The buggy address belongs to the object at ffffff81beca5600 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 8 bytes inside of 128-byte region [ffffff81beca5600, ffffff81beca5680) The buggy address belongs to the physical page: page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4 head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0 flags: 0x8000000000010200(slab|head|zone=2) raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300 raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ================================================================== OF: -> got it ! Prevent the out-of-bounds read by copying the device address into a buffer of sufficient size.
local
low complexity
linux CWE-125
7.1
2024-09-18 CVE-2024-46747 Out-of-bounds Read vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before accessing it
local
low complexity
linux CWE-125
7.1
2024-09-18 CVE-2024-46722 Out-of-bounds Read vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning Clear warning that read mc_data[i-1] may out-of-bounds.
local
low complexity
linux CWE-125
7.1
2024-09-18 CVE-2024-46723 Out-of-bounds Read vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning Clear warning that read ucode[] may out-of-bounds.
local
low complexity
linux CWE-125
7.1
2024-09-18 CVE-2024-46724 Out-of-bounds Read vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error
local
low complexity
linux CWE-125
7.1