Linux Kernel Security Re-inspection Report

Title: Linux Kernel Security Re-inspection Report

No.: [LINUX-KERNEL-20251106-010]

Applicant: [Yunjing Intelligence Innovation (Shenzhen) Co., LTD.]

Model of Product for Inspection: [YJCC017]

Inspection Entity: [Shenzhen RunSung Smart Solutions Co., Ltd.]

Address of the Inspection Entity: [No. 603, Block B, Building 1, Shenzhen International Innovation Valley, Dashi 1st Road, Xili Community, Xili Street, Nanshan District, Shenzhen]

Contact Information of the Inspection Entity: [18988782505] [wangxw@runsung.com]

Inspection Period: [November 6-11, 2025]

Inspection Date: [20251111]

Security Classification: Confidential

 


 

Table of Contents

1. Inspection Overview

2. Inspection Environment

3. Inspection Procedure

4. Inspection Results

5. Risk Assessment

6. Suggestions and Enhancements

7. Appendixes

8. Declaration and Signature Page

I. Inspection Overview

1.1 Inspection Objectives

This inspection re-checks the vulnerabilities that were identified during the initial inspection and required fixing. After Narwal fixed them, an additional inspection is necessary to confirm that the fixing is complete.

1.2 Scope of Inspection

Kernel version: [linux_kernel49191]

1.3 Information of Product Under Inspection:

Product model: YJCC017

Product images:  

II. Inspection Environment

2.1 Hardware Environment

 Local analysis is conducted on a security inspection machine. Kernel files and third-party module files are transferred from the device to this machine.

2.2 Software Environment

The details about the system and related software are as follows:

Operating system version and distribution: [Customized robot vacuum system based on linux_kernel49191]

Details of kernel version: [linux_kernel49191]

Main services installed: [No external services]

Security software installed: [None]

2.3 Network Environment

None. Kernel files are imported to the security inspection machine for local inspection.

III. Inspection Procedure

3.1 Inspection with Tools

Third-party Linux kernel security assessment tools are as follows:

1. Tool 1: [CVE TOOL]. Version: [3.4]. Primary inspection parameter: [Comprehensive CVE vulnerability scanning]

2. Tool 2: [nsfocus_kernel_cve]. Version: [8.0]. Core functionality: [Kernel vulnerability detection, security level assessment, and the provision of links for fixing guidance]

3.2 Manual Inspection

1. Confirmation of the results of the tool inspections above and the correlation of CVE vulnerabilities.

3.3 Vulnerability Database References

Vulnerability databases and related information referred to in this inspection are as follows:

CVE Vulnerability Database: [https://www.cve.org/]. Last updated: [November 1, 2025]

NVD (National Vulnerability Database): [https://nvd.nist.gov/vuln/]. Last updated: [November 1, 2025]

Other industrial vulnerability databases: [https://www.exploit-db.com/, https://www.suse.com/security/cve]. Last updated: [November 1, 2025]

IV. Inspection Results

4.1 Kernel Vulnerability Status Before Fixing 

| CVE ID | File and code paths | Relevance to the service | Risk level | Impact | Fixing recommendation | Fixing status |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2018-8043 | kernel/linux-4.9/drivers/net/phy/mdio-bcm-unimac.c, line 179 | The unimac_mdio_probe function is the core initialization routine of the BCM UniMAC MDIO bus driver in the Linux kernel. It is primarily responsible for detecting and initializing the MDIO bus controller, establishing the communication basis between PHY (physical layer) devices and the MAC (media access control layer). | Medium | Local denial of service | Not required to fix | Fixed |
| CVE-2019-14835 | _kernel/linux-4.9/drivers/vhost/vhost.c, line 1990; kernel/linux-4.9/drivers/vhost/vhost.c, line 2126 | vhost in the kernel. The vhost module accelerates I/O operations in virtual environments by translating the virtqueue (virtual queue) buffers of a virtual machine into host machine IOVs (I/O vectors, which describe data locations and lengths in memory). Trigger scenario: a buffer overflow vulnerability exists in vhost when buffer descriptors are being recorded during virtual machine migration. | High | Overflow; privilege escalation | Fixing is recommended if it is in use | Fixed |
| CVE-2019-17053 | kernel/linux-4.9/net/ieee802154/socket.c, line 1005 | AF_IEEE802154 is the network address family in the Linux kernel that supports the IEEE 802.15.4 protocol. It is the core protocol support module for short-range wireless communication in Internet of Things (IoT) and embedded devices, designed primarily for low-rate wireless personal area network (LR-WPAN) scenarios. | Medium | Connection established by unauthorized users | Fixing is recommended if it is in use | Fixed |
| CVE-2019-19051 | kernel/linux-4.9/drivers/net/wimax/i2400m/op-rfkill.c, line 150 | The file kernel/linux-4.9/drivers/net/wimax/i2400m/op-rfkill.c implements RFKill operations for Intel WiMAX devices (i2400m series) in the Linux kernel. RFKill is a Linux kernel framework for managing radio frequency switches in devices. It controls the radio signal switch of wireless devices (such as WiMAX, Wi-Fi, and Bluetooth), so that users can disable wireless functions (e.g., airplane mode) at the hardware level. | Medium | Overflow; denial of service | Fixing is recommended if it is in use | Fixed |
| CVE-2019-19052 | kernel/linux-4.9/drivers/net/can/usb/gs_usb.c, line 635 | The file kernel/linux-4.9/drivers/net/can/usb/gs_usb.c is a Linux kernel driver for USB-based CAN (controller area network) devices. It primarily supports USB-to-CAN adapters compliant with the gs_usb protocol. Such devices convert USB interfaces to CAN bus interfaces to transmit and receive data on CAN bus networks, and are widely used in industrial control and automotive electronics applications. | Medium | Overflow; denial of service | Fixing is recommended if it is in use | Fixed |
| CVE-2019-19062 | _kernel/linux-4.9/crypto/crypto_user.c, line 273 | A key file in the Linux kernel that handles interactions between user space and the kernel crypto subsystem (Crypto API). It primarily works as the interface through which user space programs communicate with the kernel crypto framework via ioctl or system calls. | Medium | Overflow; denial of service | Fixing is recommended if it is in use | Fixed |
| CVE-2020-10757 | kernel/linux-4.9/mm/mremap.c, line 215 | The core file of the memory management subsystem in the Linux kernel that is responsible for the mremap() system call. mremap() is a critical mechanism for dynamically expanding and contracting memory areas, enabling processes to resize and relocate mapped memory regions. It is widely used in scenarios requiring flexible memory management, such as dynamic memory allocation and inter-process communication buffer adjustments. | High | Local privilege escalation | Fixing is recommended if it is in use | Fixed |
| CVE-2020-12352 | /media/kali/F981-8781/cx1_kernel/linux-4.9/net/bluetooth/a2mp.c, line 238 | The source code file that implements A2MP (AMP Manager Protocol) in the Linux kernel, as part of the Bluetooth subsystem. The A2MP protocol, introduced in Bluetooth 3.0 and later versions, is designed to manage AMP (Alternate MAC/PHY). It enables Bluetooth devices to transmit data through high-speed alternate radio frequencies (such as 802.11 Wi-Fi) to enhance transfer rates. | High | Unauthorized access | Fixing is recommended if it is in use | Fixed |
| CVE-2020-14351 | kernel/linux-4.9/kernel/events/core.c, line 5103 | The core implementation file of the Performance Events Subsystem in the Linux kernel, which provides a unified framework for performance monitoring, analysis, and debugging. It supports hardware performance counters, software event tracing, dynamic probes and other functions, serving as the underlying infrastructure for the perf tool. | High | Local privilege escalation | Fixing is recommended if it is in use | Unpatched. This vulnerability, categorized as a local one, is controlled by the system at the local access level and will not impact system security while it remains unfixed. |
| CVE-2020-29371 | kernel/linux-4.9/fs/romfs/storage.c, line 223 | The auxiliary implementation file for ROMFS (read-only memory file system) in the Linux kernel, primarily for low-level storage data access and parsing logic of the ROM file system. | High | Memory leak | Fixing is recommended if it is in use | Fixed |
| CVE-2020-29661 | kernel/linux-4.9/drivers/tty/tty_io.c, line 2648 | One of the core files in the Linux kernel TTY (teletypewriter) subsystem, responsible for input/output (I/O) operations of TTY devices. It serves as the critical interface layer between user space and terminal devices (such as virtual terminals, serial ports, and pseudo terminals). | High | Memory corruption. Malicious code will be executed via this vulnerability. | It is recommended to fix it | Fixed |
| CVE-2020-35508 | kernel/linux-4.9/kernel/fork.c, line 1865 | A key file in the Linux kernel that implements the core logic of process creation and management, containing the underlying implementations of system calls such as fork(), vfork(), and clone(). These system calls form the foundation of the Linux process model, responsible for creating new processes, duplicating process resources, and maintaining inter-process relationships. | High | Inspection bypass and arbitrary signals sent to privileged processes | It is recommended to fix it | Unpatched. This vulnerability, categorized as a local one, is controlled by the system at the local access level and will not impact system security while it remains unfixed. |
| CVE-2020-36386 | kernel/linux-4.9/net/bluetooth/hci_event.c, line 3834 | The core file that processes HCI (Host Controller Interface) events in the Bluetooth subsystem of the Linux kernel. HCI serves as the communication interface between a Bluetooth host and its controller (e.g., Bluetooth chip), while HCI events are the mechanism through which the controller reports status changes, operation results, or external occurrences (such as device discovery, connection establishment, data reception) to the Bluetooth host. | High | Sensitive information leakage or system crash | It is recommended to fix it | Fixed |
| CVE-2020-8694 | kernel/linux-4.9/drivers/powercap/powercap_sys.c, line 382 | The core implementation file of the powercap subsystem in the Linux kernel, responsible for system-level power capping. This subsystem enables user space utilities to monitor and regulate the power consumption of hardware components (e.g., CPUs, GPUs, or other devices) and serves as a critical mechanism for energy management, thermal control, and performance optimization. | High | Sensitive information leakage | It is recommended to fix it | Fixed |
| CVE-2021-29647 | kernel/linux-4.9/net/qrtr/qrtr.c, line 729 | The core implementation file of the QRTR (Qualcomm Remote Procedure Call Transport) protocol in the Linux kernel. | High | Sensitive information leakage | Fixing is recommended if it is in use | Fixed |
| CVE-2021-33909 | kernel/linux-4.9/fs/seq_file.c, line 26 | The core file providing the sequential file operation framework in the Linux kernel. Sequence files are file interfaces primarily designed for the kernel to efficiently output structured or dynamically generated data (such as process lists, device statuses, and statistical information) to user space. They are used extensively in the /proc and /sys file systems. | High | Privilege bypass | Fixing is recommended if it is in use | Fixed |
| CVE-2022-0847 | kernel/linux-4.9/lib/iov_iter.c, line 372 | The core implementation file for I/O vector iterator (iov_iter) handling in the Linux kernel. iov_iter is an abstract data structure designed to unify scatter-gather I/O operations, where data resides across multiple non-contiguous memory regions. It serves as a fundamental mechanism for efficient read/write operations in subsystems requiring high-performance handling of discontinuous data, including file systems, network protocol stacks, and device drivers. | High | Privilege bypass | It is recommended to fix it | Fixed |

 

4.2 Third-Party Library Security

 

| CVE ID | File path | Relevance to the service | Risk level | Impact | Fixing recommendation | Fixing status |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2018-1000517 | /bin/busybox | BusyBox wget contains a buffer overflow vulnerability that may lead to heap buffer overflow. This type of attack can be exploited through network connections. | High | Heap buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-30767 | /lib/firmware/uboot.img | In net/nfs.c of Das U-Boot, an unbounded memcpy exists in nfs_lookup_reply up to version 2022.04 (and through 2022.07-rc2), where length validation fails, resulting in buffer overflow. | Medium | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-34835 | /lib/firmware/uboot.img | In Das U-Boot up to version 2022.07-rc5, an integer sign error in the "i2c md" command and the resulting stack-based buffer overflow could corrupt the return address pointer in the do_i2c_md function. | Medium | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2018-11236 | /lib/libc-2.23.so | In stdlib/canonicalize.c in the GNU C Library (also known as glibc or libc6) version 2.27 and earlier, processing extremely long pathname arguments to the realpath function may cause an integer overflow on 32-bit architectures, potentially leading to stack-based buffer overflow and arbitrary code execution. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-23218 | /lib/libc-2.23.so | The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (glibc) prior to version 2.34 copies its path parameter onto the stack without validating its length. This vulnerability may lead to buffer overflow, potentially resulting in denial of service or (if stack protector is not enabled in the application) arbitrary code execution. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-23219 | /lib/libc-2.23.so | The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (also known as glibc) prior to version 2.34 copies its hostname parameter onto the stack without validating its length. This vulnerability may lead to buffer overflow, potentially resulting in denial of service or (if the application is not built with stack protector enabled) arbitrary code execution. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2019-11059 | /sbin/fw_printenv | Das U-Boot from version 2016.11-rc1 to 2019.04 incorrectly handled ext4 64-bit extensions, resulting in buffer overflow vulnerabilities. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2018-20060 | opt/ros/kinetic/lib/python2.7/dist-packages/urllib3-1.22-py2.7.egg/EGG-INFO/PKG-INFO | urllib3 up to version 1.23 did not strip the Authorization HTTP header during cross-origin redirects (i.e., redirects to different hosts, ports, or schemes). This may allow credentials in the Authorization header to be exposed to unintended hosts or transmitted in clear text. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-22822 | /usr/lib/python2.7/lib-dynload/pyexpat.so | Expat (also known as libexpat) up to version 2.4.3 contained an integer overflow vulnerability in the addBinding function within xmlparse.c. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-23852 | /usr/lib/python2.7/lib-dynload/pyexpat.so | Expat (also known as libexpat) up to version 2.4.4 contained a signed integer overflow vulnerability in XML_GetBuffer when configured with non-zero XML_CONTEXT_BYTES. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-25235 | /usr/lib/python2.7/lib-dynload/pyexpat.so | Expat (also known as libexpat) up to version 2.4.5 in xmltok_impl.c lacked certain encoding validations, such as verifying whether UTF-8 characters were valid within specific contexts. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-25236 | /usr/lib/python2.7/lib-dynload/pyexpat.so | Expat (also known as libexpat) up to version 2.4.5 in xmlparse.c permitted attackers to inject namespace separator characters into namespace URIs. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-25315 | /usr/lib/python2.7/lib-dynload/pyexpat.so | In Expat (also known as libexpat) up to version 2.4.5, an integer overflow vulnerability exists in the storeRawNames function. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2024-45491 | /usr/lib/python2.7/lib-dynload/pyexpat.so | An issue was identified in libexpat up to version 2.6.3. The dtdCopy function in xmlparse.c may cause integer overflow on 32-bit platforms when processing nDefaultAtts (where UINT_MAX equals SIZE_MAX). | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-37434 | /usr/lib/python2.7/distutils/command/wininst-6.0.exe; /usr/lib/python2.7/distutils/command/wininst-9.0.exe; /usr/lib/python2.7/distutils/command/wininst-8.0.exe; /usr/lib/python2.7/distutils/command/wininst-7.1.exe; /usr/lib/python2.7/distutils/command/wininst-9.0-amd64.exe | zlib (up to version 1.2.12) has a heap-based buffer over-read or buffer overflow in inflate via a large gzip header extra field in inflate.c. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2023-45853 | /usr/lib/python2.7/distutils/command/wininst-6.0.exe; /usr/lib/python2.7/distutils/command/wininst-9.0.exe; /usr/lib/python2.7/distutils/command/wininst-8.0.exe; /usr/lib/python2.7/distutils/command/wininst-7.1.exe; /usr/lib/python2.7/distutils/command/wininst-9.0-amd64.exe | MiniZip in zlib (up to version 1.3) contains an integer overflow vulnerability that leads to heap-based buffer overflow via excessively long filenames, comments, or extra fields in the zipOpenNewFileInZip4_64 function. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-22822 | /usr/lib/libPocoXML.so.47 | Expat (also known as libexpat) up to version 2.4.3 contained an integer overflow vulnerability in the addBinding function within xmlparse.c. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-23852 | /usr/lib/libPocoXML.so.47 | Expat (also known as libexpat) up to version 2.4.4 contained a signed integer overflow vulnerability in XML_GetBuffer when configured with non-zero XML_CONTEXT_BYTES. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-25235 | /usr/lib/libPocoXML.so.47 | Expat (also known as libexpat) up to version 2.4.5 in xmltok_impl.c lacked certain encoding validations, such as verifying whether UTF-8 characters were valid within specific contexts. | High | Defect verification | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-25236 | /usr/lib/libPocoXML.so.47 | Expat (also known as libexpat) up to version 2.4.5 in xmlparse.c permitted attackers to inject namespace separator characters into namespace URIs. | High | Defect verification | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-25315 | /usr/lib/libPocoXML.so.47 | In Expat (also known as libexpat) up to version 2.4.5, an integer overflow vulnerability exists in the storeRawNames function. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2021-3520 | /usr/bin/lz4c; /usr/bin/lz4; /usr/bin/lz4cat; /usr/bin/unlz4; /usr/lib/liblz4.so.1.8.3 | lz4 has a defect. An attacker submitting a carefully crafted file to an application linked with lz4 could trigger an integer overflow, resulting in a memmove() call with a negative size parameter. This may lead to out-of-bounds writes and/or system crashes. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2019-12900 | /usr/lib/libbz2.so.1.0.6 | BZ2_decompress in decompress.c in bzip2 (up to version 1.0.6) has an out-of-bounds write when handling a large number of selectors. | High | Defect verification | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2021-22945 | /usr/lib/libcurl.so.4.7.0 | When transmitting data to an MQTT server, libcurl (versions <= 7.73.0 and 7.78.0) may erroneously retain pointers to deallocated memory regions under certain circumstances, then reuse these pointers for data transmission and deallocation in subsequent calls. | High | Memory error | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2021-20231 | /usr/lib/libgnutls.so.30.23.0 | A vulnerability has been identified in gnutls. Use of the key_share extension after it has been freed on the client side may lead to memory corruption and other consequences. | High | Memory error | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2021-20232 | /usr/lib/libgnutls.so.30.23.0 | A vulnerability has been identified in gnutls. A use-after-free vulnerability in the client_send_params function within lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. | High | Memory error | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-37434 | /usr/lib/libz.so.1.2.8; /usr/lib/libPocoFoundation.so.47 | zlib (up to version 1.2.12) has a heap-based buffer over-read or buffer overflow in inflate via a large gzip header extra field in inflate.c. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2023-45853 | /usr/lib/libz.so.1.2.8; /usr/lib/libPocoFoundation.so.47 | zlib (up to version 1.3) contains an integer overflow vulnerability in MiniZip, which can trigger heap-based buffer overflow via excessively long filenames, comments, or extra fields within the zipOpenNewFileInZip4_64 function. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2019-12450 | /usr/lib/libglib-2.0.so.0.5000.1; /usr/lib/libgio-2.0.so.0.5000.1; /usr/lib/libgobject-2.0.so.0.5000.1; /usr/lib/libgmodule-2.0.so.0.5000.1; /usr/lib/libgthread-2.0.so.0.5000.1 | In GNOME GLib (from versions 2.15.0 to 2.61.1), the file_copy_fallback function in gio/gfile.c fails to properly enforce file permission restrictions during copy operations. | High | Privilege error | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2024-5197 | /usr/lib/libvpx.so.4.0.0 | In versions prior to 1.14.1, an integer overflow vulnerability existed within libvpx. Invoking vpx_img_alloc() with larger d_w, d_h, or align parameter values may result in integer overflow during buffer size and offset calculations, potentially rendering certain fields of the returned vpx_image_t structure invalid. Invoking vpx_img_wrap() with larger d_w, d_h, or stride_align parameter values may result in integer overflow during buffer size and offset calculations, potentially rendering certain fields of the returned vpx_image_t structure invalid. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2018-1000802 | /usr/lib/libpython2.7.so.1.0 | Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ("Command Injection") vulnerability within the shutil module (make_archive function), which may lead to denial of service, information disclosure through injection of arbitrary files on the system or entire drive. | High | Command injection with privilege bypass | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2019-10160 | /usr/lib/libpython2.7.so.1.0 | When the application parses user-provided URLs to store cookies, identity verification credentials, or other types of information, attackers may craft malicious URLs that cause the application to retrieve host-related information (such as cookies or identity verification data) and transmit it to unintended hosts. | High | Identity verification error | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2019-9636 | /usr/lib/libpython2.7.so.1.0 | Python 2.7.x to 2.7.16 and 3.x to 3.7.2 are affected by improper Unicode encoding handling during NFKC normalization (incorrect netloc). Impact: information disclosure (such as credentials and cookies cached for the given hostname). Components: urllib.parse.urlsplit and urllib.parse.urlparse. Attack vector: specially crafted URLs may be misparsed to retrieve cookie or identity verification data, which is then transmitted to a host different from the one that correct parsing would yield. | High | Coding processing error | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2019-9948 | /usr/lib/libpython2.7.so.1.0 | The urllib module in Python 2.x to 2.7.16 supports the local_file: scheme. This makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | High | Privilege bypass | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2022-48565 | /usr/lib/libpython2.7.so.1.0 | An XML external entity (XXE) vulnerability was identified in Python 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to mitigate XML vulnerabilities. | High | Privilege bypass | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2019-19646 | /usr/lib/libsqlite3.so.0.8.6 | In SQLite up to version 3.30.1, the pragma.c module incorrectly handled NOT NULL constraints in certain column generation scenarios when processing the integrity_check PRAGMA command. | High | Function error | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2019-8457 | /usr/lib/libsqlite3.so.0.8.6 | From SQLite3 version 3.6.0 to 3.27.2 (inclusive), the rtreenode() function is vulnerable to a heap out-of-bounds read when processing malformed rtree tables. | High | Function error | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2020-11656 | /usr/lib/libsqlite3.so.0.8.6 | In SQLite up to version 3.31.1, the ALTER TABLE implementation contains a use-after-free vulnerability, as demonstrated in the ORDER BY clause of compound SELECT statements. | High | Function error | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2025-3277 | /usr/lib/libsqlite3.so.0.8.6 | An integer overflow can be triggered in the "concat_ws()" function of SQLite. The resulting truncated integer is then used to allocate the buffer. When SQLite writes the result string to the buffer, it uses the original, untruncated size, potentially triggering a wild heap buffer overflow of approximately 4GB. This may result in arbitrary code execution. | High | Buffer overflow | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |
| CVE-2025-6965 | /usr/lib/libsqlite3.so.0.8.6 | SQLite prior to version 3.50.2 contained a vulnerability where the number of aggregate terms could exceed the available column count. This may result in memory corruption. | High | Memory error | Fixing is recommended if it is in use. Delete this file if it is not in use. | Deleted |

 

V. Comprehensive Risk Assessment

5.1 Risk Level Classification

Based on inspection results, identified security issues are categorized into three risk levels: High, Medium, and Low.

High: [quantity], primarily including [major high-risk issues are listed here, such as vulnerabilities allowing remote code execution, or privilege escalation exploits]

Medium: [quantity], primarily including [vulnerabilities affecting partial functionality, or configuration issues requiring specific conditions for exploitation]

Low: [quantity], primarily including [minor misconfigurations with limited system impact, or low-severity vulnerabilities]

5.2 Impact analysis

High: [Detailed analysis of potential system impacts from high-risk threats, including attackers exploiting critical vulnerabilities to remotely control servers, steal sensitive data (such as user information and trade secrets), manipulate system configurations, cause service disruptions, and propagate attacks to interconnected systems resulting in significant financial losses and reputational damage]

Medium: [Description on the consequences of medium-risk vulnerabilities, such as potential system performance degradation, partial functionality disruption, or creating exploitable conditions for attackers to escalate privileges, but not directly resulting in complete system compromise or core data breaches]

Low: [Analysis on the impact of low-risk issues, such as minor deviations from security standards that typically have negligible effects on system safety. These issues generally pose no substantive threat to normal operations or core security functions]

5.3 Comprehensive Risk Re-inspection Conclusion

Based on comprehensive test results and risk analysis, the overall security risk assessment of the Linux kernel is summarized as follows: The currently inspected Linux kernel files contain [0] high-level risks (2 local vulnerabilities in kernel files remain unpatched, but access restrictions implemented at the interface level make these risks manageable). All unrelated library files with security vulnerabilities have been removed. Since the SSL files are system files that don't provide network access, they pose no network security risks.

The current kernel system under re-inspection maintains a high-security status without exploitable vulnerabilities for remote or local attacks.

VI. Suggestions and Enhancements

6.1 Vulnerability Fixing Suggestions

None.

VII. Appendixes

Appendix 1: Kernel Inspection Results

Appendix 2: Third-party Library Inspection Results


 

 

VIII. Declaration and Signature Page

Declaration

This report is based on a security re-inspection conducted by the inspection entity on the Linux system provided by the client during the inspection period, and only reflects the system security status at that specific time.

This report contains trade secrets and security information of the client. Both the client and the inspection entity shall adhere to the confidentiality agreement and shall not disclose any information to third parties.