Количество 12
Количество 12
CVE-2023-53456
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails.
CVE-2023-53456
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails.
CVE-2023-53456
In the Linux kernel, the following vulnerability has been resolved: s ...
GHSA-vp46-h7c5-rj5w
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails.
SUSE-SU-2025:03614-1
Security update for the Linux Kernel
SUSE-SU-2025:3751-1
Security update for the Linux Kernel
SUSE-SU-2025:03600-1
Security update for the Linux Kernel
SUSE-SU-2025:03615-1
Security update for the Linux Kernel
SUSE-SU-2025:03634-1
Security update for the Linux Kernel
SUSE-SU-2025:4141-1
Security update for the Linux Kernel
SUSE-SU-2025:4132-1
Security update for the Linux Kernel
SUSE-SU-2025:4057-1
Security update for the Linux Kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-53456 In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails. | CVSS3: 5.5 | 0% Низкий | 4 месяца назад |
 | CVE-2023-53456 In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails. | CVSS3: 5.5 | 0% Низкий | 4 месяца назад |
| CVE-2023-53456 In the Linux kernel, the following vulnerability has been resolved: s ... | CVSS3: 5.5 | 0% Низкий | 4 месяца назад |
| GHSA-vp46-h7c5-rj5w In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails. | CVSS3: 5.5 | 0% Низкий | 4 месяца назад |
 | SUSE-SU-2025:03614-1 Security update for the Linux Kernel | 4 месяца назад | ||
| SUSE-SU-2025:3751-1 Security update for the Linux Kernel | 4 месяца назад | ||
| SUSE-SU-2025:03600-1 Security update for the Linux Kernel | 4 месяца назад | ||
| SUSE-SU-2025:03615-1 Security update for the Linux Kernel | 4 месяца назад | ||
| SUSE-SU-2025:03634-1 Security update for the Linux Kernel | 4 месяца назад | ||
| SUSE-SU-2025:4141-1 Security update for the Linux Kernel | 3 месяца назад | ||
| SUSE-SU-2025:4132-1 Security update for the Linux Kernel | 3 месяца назад | ||
| SUSE-SU-2025:4057-1 Security update for the Linux Kernel | 3 месяца назад |
Уязвимостей на страницу