MontaVista continually monitors the security community and customers for threats. We follow the community on CVE scoring (NVD) and set fix priority accordingly for affected products. Please view the following CVEs that have been remediated or are in process by clicking the CVE Year to the left or by using the CVE Filters below.
For inquiries regarding Security Vulnerabilities, please see our Vulnerability Response Policy or email our PSIRT team at security@mvista.com. Email messages and attachments can be encrypted using PGP and a MontaVista PSIRT PGP key, which is available for download here.
CVE | Score | Severity | Package | Description | Published |
---|---|---|---|---|---|
CVE-2024-47539 | 9.8 | CRITICAL | gstreamer-plugins-good | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2025-01-14 |
CVE-2025-0306 | 7.4 | HIGH | ruby | A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. | 2025-01-09 |
CVE-2024-56827 | 5.6 | MEDIUM | openjpeg | A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. | 2025-01-09 |
CVE-2024-56826 | 5.6 | MEDIUM | openjpeg | A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. | 2025-01-09 |
CVE-2024-56765 | 7.8 | HIGH | kernel | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct. The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window is active. The paste address mapping will be removed when the window is closed or with the munmap(). But the VMA address in the VAS window is not updated with munmap() which is causing invalid access during migration. The KASAN report shows: ---truncated--- | 2025-01-06 |
CVE-2024-56738 | 6.5 | MEDIUM | grub2 | GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks. | 2024-12-29 |
CVE-2024-56737 | 7.8 | HIGH | grub2 | GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. | 2024-12-29 |
CVE-2022-21505 | 8.4 | HIGH | kernel | In the Linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | 2024-12-24 |
CVE-2024-47835 | 7.5 | HIGH | gstreamer-plugins-base | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10. | 2024-12-12 |
CVE-2024-47834 | 9.8 | CRITICAL | gstreamer-plugins-good | GStreamer is a library for constructing graphs of media-handling components. A Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10. | 2024-12-12 |