CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-JCPC-3VWC-J47Q
Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-27 00:01A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.
{
"affected": [],
"aliases": [
"CVE-2021-1422"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-16T13:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.",
"id": "GHSA-jcpc-3vwc-j47q",
"modified": "2022-05-27T00:01:01Z",
"published": "2022-05-24T19:08:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1422"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JCVR-2W9W-X2RH
Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-23 00:00Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2021-35101"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-14T10:15:00Z",
"severity": "MODERATE"
},
"details": "Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile",
"id": "GHSA-jcvr-2w9w-x2rh",
"modified": "2022-06-23T00:00:27Z",
"published": "2022-06-15T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35101"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFGV-R9X2-7MHR
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.
{
"affected": [],
"aliases": [
"CVE-2024-23350"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:45Z",
"severity": "MODERATE"
},
"details": "Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.",
"id": "GHSA-jfgv-r9x2-7mhr",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23350"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFQ9-PQ7P-655W
Vulnerability from github – Published: 2026-05-27 18:31 – Updated: 2026-05-27 18:31A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affects some unknown processing of the component clientek Handshake Handler. Performing a manipulation of the argument proof results in reachable assertion. Remote exploitation of the attack is possible. Upgrading to version 3.13.8 is capable of addressing this issue. Upgrading the affected component is recommended.
{
"affected": [],
"aliases": [
"CVE-2026-4392"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T18:16:28Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affects some unknown processing of the component clientek Handshake Handler. Performing a manipulation of the argument proof results in reachable assertion. Remote exploitation of the attack is possible. Upgrading to version 3.13.8 is capable of addressing this issue. Upgrading the affected component is recommended.",
"id": "GHSA-jfq9-pq7p-655w",
"modified": "2026-05-27T18:31:42Z",
"published": "2026-05-27T18:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4392"
},
{
"type": "WEB",
"url": "https://files.teamspeak-services.com/docs/security/TS-SA-2026-001.html"
},
{
"type": "WEB",
"url": "https://modzero.com/en/advisories/mz-26-01-teamspeak"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/366316"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/366316/cti"
},
{
"type": "WEB",
"url": "https://www.teamspeak.com/en/downloads/#server"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JG36-89RW-QGR3
Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
{
"affected": [],
"aliases": [
"CVE-2020-11653"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-08T23:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.",
"id": "GHSA-jg36-89rw-qgr3",
"modified": "2022-05-24T17:13:57Z",
"published": "2022-05-24T17:13:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11653"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html"
},
{
"type": "WEB",
"url": "https://varnish-cache.org/security/VSV00005.html#vsv00005"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JH9R-C248-CVW6
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2023-05-03 12:30Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
{
"affected": [],
"aliases": [
"CVE-2021-38385"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-30T05:15:00Z",
"severity": "HIGH"
},
"details": "Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.",
"id": "GHSA-jh9r-c248-cvw6",
"modified": "2023-05-03T12:30:22Z",
"published": "2022-05-24T19:12:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38385"
},
{
"type": "WEB",
"url": "https://blog.torproject.org"
},
{
"type": "WEB",
"url": "https://blog.torproject.org/node/2062"
},
{
"type": "WEB",
"url": "https://bugs.torproject.org/tpo/core/tor/40078"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JHH4-VHHC-XPJQ
Vulnerability from github – Published: 2023-09-20 15:30 – Updated: 2023-11-03 21:30A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.
This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.
{
"affected": [],
"aliases": [
"CVE-2023-4236"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-20T13:15:12Z",
"severity": "HIGH"
},
"details": "A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.",
"id": "GHSA-jhh4-vhhc-xpjq",
"modified": "2023-11-03T21:30:20Z",
"published": "2023-09-20T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4236"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2023-4236"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231013-0004"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5504"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JHQ9-WM9M-CF89
Vulnerability from github – Published: 2021-05-21 14:23 – Updated: 2024-10-31 20:50Impact
An attacker can cause a denial of service by controlling the values of num_segments tensor argument for UnsortedSegmentJoin:
import tensorflow as tf
inputs = tf.constant([], dtype=tf.string)
segment_ids = tf.constant([], dtype=tf.int32)
num_segments = tf.constant([], dtype=tf.int32)
separator = ''
tf.raw_ops.UnsortedSegmentJoin(
inputs=inputs, segment_ids=segment_ids,
num_segments=num_segments, separator=separator)
This is because the implementation assumes that the num_segments tensor is a valid scalar:
const Tensor& num_segments_tensor = context->input(2);
auto num_segments = num_segments_tensor.scalar<NUM_SEGMENTS_TYPE>()();
Since the tensor is empty the CHECK involved in .scalar<T>()() that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.
Patches
We have patched the issue in GitHub commit 704866eabe03a9aeda044ec91a8d0c83fc1ebdbe.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29552"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T21:12:05Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nAn attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`:\n\n```python\nimport tensorflow as tf\n\ninputs = tf.constant([], dtype=tf.string)\nsegment_ids = tf.constant([], dtype=tf.int32)\nnum_segments = tf.constant([], dtype=tf.int32)\nseparator = \u0027\u0027\n\ntf.raw_ops.UnsortedSegmentJoin(\n inputs=inputs, segment_ids=segment_ids,\n num_segments=num_segments, separator=separator)\n```\n\nThis is because the [implementation](https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar:\n\n```cc\nconst Tensor\u0026 num_segments_tensor = context-\u003einput(2);\nauto num_segments = num_segments_tensor.scalar\u003cNUM_SEGMENTS_TYPE\u003e()();\n```\n\nSince the tensor is empty the `CHECK` involved in `.scalar\u003cT\u003e()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.\n\n### Patches\nWe have patched the issue in GitHub commit [704866eabe03a9aeda044ec91a8d0c83fc1ebdbe](https://github.com/tensorflow/tensorflow/commit/704866eabe03a9aeda044ec91a8d0c83fc1ebdbe).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.",
"id": "GHSA-jhq9-wm9m-cf89",
"modified": "2024-10-31T20:50:24Z",
"published": "2021-05-21T14:23:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jhq9-wm9m-cf89"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29552"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/704866eabe03a9aeda044ec91a8d0c83fc1ebdbe"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-480.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-678.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-189.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "CHECK-failure in `UnsortedSegmentJoin`"
}
GHSA-JHR3-25H7-QP3M
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-06 18:30In the Linux kernel, the following vulnerability has been resolved:
accel/ethosu: reject NPU_OP_RESIZE commands from userspace
NPU_OP_RESIZE is a U85-only command that the driver does not yet implement. The existing WARN_ON(1) placeholder fires unconditionally whenever userspace submits this command via DRM_IOCTL_ETHOSU_GEM_CREATE, causing unbounded kernel log spam.
If panic_on_warn is set the kernel panics, giving any unprivileged user with access to the DRM device a trivial denial-of-service primitive.
Replace the WARN_ON(1) with an explicit -EINVAL return so the ioctl rejects the command before it reaches hardware.
{
"affected": [],
"aliases": [
"CVE-2026-53169"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:34Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ethosu: reject NPU_OP_RESIZE commands from userspace\n\nNPU_OP_RESIZE is a U85-only command that the driver does not yet\nimplement. The existing WARN_ON(1) placeholder fires unconditionally\nwhenever userspace submits this command via DRM_IOCTL_ETHOSU_GEM_CREATE,\ncausing unbounded kernel log spam.\n\nIf panic_on_warn is set the kernel panics, giving any unprivileged user\nwith access to the DRM device a trivial denial-of-service primitive.\n\nReplace the WARN_ON(1) with an explicit -EINVAL return so the ioctl\nrejects the command before it reaches hardware.",
"id": "GHSA-jhr3-25h7-qp3m",
"modified": "2026-07-06T18:30:36Z",
"published": "2026-06-25T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53169"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70090a32f56a4589e7e860e0f9a8fbe4417df0a1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ef911805d86a05363d3ec2fa9835a41def83bb7e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JM38-H5C6-FXWQ
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 18:30Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2022-25691"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "HIGH"
},
"details": "Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile",
"id": "GHSA-jm38-h5c6-fxwq",
"modified": "2022-12-15T18:30:19Z",
"published": "2022-12-13T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25691"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.