Vulnerabilities > Out-of-bounds Read

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-44993 Out-of-bounds Read vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()` When enabling UBSAN on Raspberry Pi 5, we get the following warning: [ 387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3 [ 387.903868] index 7 is out of range for type '__u32 [7]' [ 387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G WC 6.10.3-v8-16k-numa #151 [ 387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT) [ 387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched] [ 387.932525] Call trace: [ 387.935296] dump_backtrace+0x170/0x1b8 [ 387.939403] show_stack+0x20/0x38 [ 387.942907] dump_stack_lvl+0x90/0xd0 [ 387.946785] dump_stack+0x18/0x28 [ 387.950301] __ubsan_handle_out_of_bounds+0x98/0xd0 [ 387.955383] v3d_csd_job_run+0x3a8/0x438 [v3d] [ 387.960707] drm_sched_run_job_work+0x520/0x6d0 [gpu_sched] [ 387.966862] process_one_work+0x62c/0xb48 [ 387.971296] worker_thread+0x468/0x5b0 [ 387.975317] kthread+0x1c4/0x1e0 [ 387.978818] ret_from_fork+0x10/0x20 [ 387.983014] ---[ end trace ]--- This happens because the UAPI provides only seven configuration registers and we are reading the eighth position of this u32 array. Therefore, fix the out-of-bounds read in `v3d_csd_job_run()` by accessing only seven positions on the '__u32 [7]' array.
local
low complexity
linux CWE-125
7.1
2024-09-04 CVE-2024-34658 Out-of-bounds Read vulnerability in Samsung Notes
Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.
local
low complexity
samsung CWE-125
7.1
2024-09-02 CVE-2024-33047 Out-of-bounds Read vulnerability in Qualcomm products
Memory corruption when the captureRead QDCM command is invoked from user-space.
local
low complexity
qualcomm CWE-125
7.8
2024-09-02 CVE-2024-33048 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
network
low complexity
qualcomm CWE-125
7.5
2024-09-02 CVE-2024-33050 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
network
low complexity
qualcomm CWE-125
7.5
2024-09-02 CVE-2024-33051 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
network
low complexity
qualcomm CWE-125
7.5
2024-09-02 CVE-2024-33057 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
network
low complexity
qualcomm CWE-125
7.5
2024-09-02 CVE-2024-20084 Out-of-bounds Read vulnerability in multiple products
In power, there is a possible out of bounds read due to a missing bounds check.
4.4
2024-09-02 CVE-2024-20085 Out-of-bounds Read vulnerability in multiple products
In power, there is a possible out of bounds read due to a missing bounds check.
4.4
2024-09-02 CVE-2024-20088 Out-of-bounds Read vulnerability in Google Android 12.0/13.0/14.0
In keyinstall, there is a possible out of bounds read due to a missing bounds check.
local
low complexity
google CWE-125
4.4