CVE-2024-35948

HIGH Year: 2024
CVSS v3 Score
8.4
High
Weakness Type
CWE-400
View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low priority, since the whole superblock is checksummed, validated prior to write, and we have backups.

Related Vulnerabilities

CVE-2021-0180

HIGH
CVSS:8.4(High)

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access.

CWE-4002021

CVE-2021-47313

HIGH
CVSS:8.4(High)

In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init It's a classic example of memleak, we allocate something, we fail and ...

CWE-4002021

CVE-2024-38384

HIGH
CVSS:8.4(High)

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup...

CWE-4002024

CVE-2015-1779

HIGH
CVSS:8.6(High)

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

CWE-4002015

CVE-2016-6171

HIGH
CVSS:8.6(High)

Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.

CWE-4002016

CVE-2017-15119

HIGH
CVSS:8.6(High)

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CP...

CWE-4002017