Количество 6
Количество 6
CVE-2023-52466
An out-of-bounds read flaw was found in pci_dev_for_each_resource() in the Linux Kernel. The pointer in the pci_dev_for_each_resource() may be wrong. For example, it might be used for the out-of-bounds read. This issue was identified by the Coverity static analysis tool, which flagged a pointer (res) that could be used incorrectly, potentially leading to accessing memory outside its bounds.
CVE-2023-52466
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
GHSA-3fmx-gx73-5jg7
In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() Coverity complains that pointer in the pci_dev_for_each_resource() may be wrong, i.e., might be used for the out-of-bounds read. There is no actual issue right now because we have another check afterwards and the out-of-bounds read is not being performed. In any case it's better code with this fixed, hence the proposed change. As Jonas pointed out "It probably makes the code slightly less performant as res will now be checked for being not NULL (which will always be true), but I doubt it will be significant (or in any hot paths)."
BDU:2024-01666
Уязвимость функции pci_dev_for_each_resource() компонента PCI ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
ROS-20241011-02
Множественные уязвимости kernel-lt
ELSA-2024-9315
ELSA-2024-9315: kernel security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-52466 An out-of-bounds read flaw was found in pci_dev_for_each_resource() in the Linux Kernel. The pointer in the pci_dev_for_each_resource() may be wrong. For example, it might be used for the out-of-bounds read. This issue was identified by the Coverity static analysis tool, which flagged a pointer (res) that could be used incorrectly, potentially leading to accessing memory outside its bounds. | CVSS3: 4.4 | больше 1 года назад | |
 | CVE-2023-52466 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | больше 1 года назад | ||
| GHSA-3fmx-gx73-5jg7 In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() Coverity complains that pointer in the pci_dev_for_each_resource() may be wrong, i.e., might be used for the out-of-bounds read. There is no actual issue right now because we have another check afterwards and the out-of-bounds read is not being performed. In any case it's better code with this fixed, hence the proposed change. As Jonas pointed out "It probably makes the code slightly less performant as res will now be checked for being not NULL (which will always be true), but I doubt it will be significant (or in any hot paths)." | больше 1 года назад | ||
 | BDU:2024-01666 Уязвимость функции pci_dev_for_each_resource() компонента PCI ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании | CVSS3: 7.1 | больше 1 года назад | |
 | ROS-20241011-02 Множественные уязвимости kernel-lt | CVSS3: 7.8 | 8 месяцев назад | |
| ELSA-2024-9315 ELSA-2024-9315: kernel security update (MODERATE) | 7 месяцев назад |
Уязвимостей на страницу