CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
685 vulnerabilities reference this CWE, most recent first.
GHSA-X39J-H85H-3F46
Vulnerability from github – Published: 2022-12-08 16:12 – Updated: 2022-12-09 15:21Impact
A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns.
A ProtoNode should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error from the codec. Manipulation of an existing (newly created or decoded) ProtoNode using the modifier methods did not account for certain states that would place the ProtoNode into an unencodeable form.
Due to conformance with the github.com/ipfs/go-block-format#Block and github.com/ipfs/go-ipld-format#Node interfaces, certain methods, which internally require a re-encode if state has changed, will panic due to the inability to return an error.
Additionally, use of the ProtoNode#SetCidBuilder() method to set a non-functioning CidBuilder (such as one that refers to a multihash where an implementation of that hash function is not available) may cause the same methods to panic as a new CID is required but cannot be created.
Patches
Releases involving fixes for this issue are v0.8.0 and v0.8.1. The recommended minimum version is v0.8.1.
- Additional checks are performed on
ProtoNodestate changes to avoid the possibility of creating unencodeable forms, errors are returned where this is the case. - The builder passed in to
SetCidBuilder()is inspected to attempt to determine if it is usable to generate CIDs, otherwise an error is returned. - The panics have been removed and replaced with default values (empty byte slice for
RawData()and a default zero-bytes DAG-PB CID for methods involving CIDs).
Workarounds
These workarounds are available when using impacted versions to avoid panic conditions, and may be generally appropriate in order to provide meaningful feedback to users and avoid generating bad, or unexpected encoded data:
- Sanitise inputs when allowing user-input to set a new
CidBuilderon aProtoNode. - Sanitise
Tsize(Link#Size) values such that they are a reasonable byte-size for sub-DAGs where derived from user-input.
References
- https://github.com/ipfs/kubo/issues/9297
- https://github.com/ipfs/go-merkledag/issues/90
- https://github.com/ipfs/go-merkledag/releases/tag/v0.8.0
- https://github.com/ipfs/go-merkledag/pull/91
- https://github.com/ipfs/go-merkledag/pull/92
- https://github.com/ipfs/go-merkledag/pull/93
- https://github.com/ipfs/go-merkledag/releases/tag/v0.8.1
Credit
Thanks to @mrd0ll4r for reporting the original error to Kubo!
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ipfs/go-merkledag"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-23495"
],
"database_specific": {
"cwe_ids": [
"CWE-252",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-08T16:12:26Z",
"nvd_published_at": "2022-12-08T22:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don\u0027t allow for error returns.\n\nA `ProtoNode` should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error from the codec. Manipulation of an existing (newly created or decoded) `ProtoNode` using the modifier methods did not account for certain states that would place the `ProtoNode` into an unencodeable form.\n\nDue to conformance with the [`github.com/ipfs/go-block-format#Block`](https://pkg.go.dev/github.com/ipfs/go-block-format#Block) and [`github.com/ipfs/go-ipld-format#Node`](https://pkg.go.dev/github.com/ipfs/go-ipld-format#Node) interfaces, certain methods, which internally require a re-encode if state has changed, will panic due to the inability to return an error.\n\nAdditionally, use of the `ProtoNode#SetCidBuilder()` method to set a non-functioning `CidBuilder` (such as one that refers to a multihash where an implementation of that hash function is not available) may cause the same methods to panic as a new CID is required but cannot be created.\n\n### Patches\n\nReleases involving fixes for this issue are [v0.8.0](https://github.com/ipfs/go-merkledag/releases/tag/v0.8.0) and [v0.8.1](https://github.com/ipfs/go-merkledag/releases/tag/v0.8.1). The recommended minimum version is **v0.8.1**.\n\n* Additional checks are performed on `ProtoNode` state changes to avoid the possibility of creating unencodeable forms, errors are returned where this is the case.\n* The builder passed in to `SetCidBuilder()` is inspected to attempt to determine if it is usable to generate CIDs, otherwise an error is returned.\n* The panics have been removed and replaced with default values (empty byte slice for `RawData()` and a default zero-bytes DAG-PB CID for methods involving CIDs).\n\n### Workarounds\n\nThese workarounds are available when using impacted versions to avoid panic conditions, and may be generally appropriate in order to provide meaningful feedback to users and avoid generating bad, or unexpected encoded data:\n\n* Sanitise inputs when allowing user-input to set a new `CidBuilder` on a `ProtoNode`.\n* Sanitise `Tsize` (`Link#Size`) values such that they are a reasonable byte-size for sub-DAGs where derived from user-input.\n\n### References\n\n* https://github.com/ipfs/kubo/issues/9297\n* https://github.com/ipfs/go-merkledag/issues/90\n* https://github.com/ipfs/go-merkledag/releases/tag/v0.8.0\n* https://github.com/ipfs/go-merkledag/pull/91\n* https://github.com/ipfs/go-merkledag/pull/92\n* https://github.com/ipfs/go-merkledag/pull/93\n* https://github.com/ipfs/go-merkledag/releases/tag/v0.8.1\n\n\n### Credit\n\nThanks to [@mrd0ll4r](https://github.com/mrd0ll4r) for reporting the original error to Kubo!",
"id": "GHSA-x39j-h85h-3f46",
"modified": "2022-12-09T15:21:18Z",
"published": "2022-12-08T16:12:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ipfs/go-merkledag/security/advisories/GHSA-x39j-h85h-3f46"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23495"
},
{
"type": "WEB",
"url": "https://github.com/ipfs/go-merkledag/issues/90"
},
{
"type": "WEB",
"url": "https://github.com/ipfs/kubo/issues/9297"
},
{
"type": "WEB",
"url": "https://github.com/ipfs/go-merkledag/pull/91"
},
{
"type": "WEB",
"url": "https://github.com/ipfs/go-merkledag/pull/92"
},
{
"type": "WEB",
"url": "https://github.com/ipfs/go-merkledag/pull/93"
},
{
"type": "WEB",
"url": "https://en.wikipedia.org/wiki/Directed_acyclic_graph"
},
{
"type": "PACKAGE",
"url": "https://github.com/ipfs/go-merkledag"
},
{
"type": "WEB",
"url": "https://github.com/ipfs/go-merkledag/releases/tag/v0.8.0"
},
{
"type": "WEB",
"url": "https://github.com/ipfs/go-merkledag/releases/tag/v0.8.1"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-1155"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "go-merkledag\u0027s ProtoNode may be modified such that common method calls may panic"
}
GHSA-X3F8-JWJC-W444
Vulnerability from github – Published: 2023-08-02 18:30 – Updated: 2024-04-04 06:29An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2023-38419"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-02T16:15:10Z",
"severity": "MODERATE"
},
"details": "An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-x3f8-jwjc-w444",
"modified": "2024-04-04T06:29:56Z",
"published": "2023-08-02T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38419"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000133472"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-X3GM-FCG7-59J9
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.
{
"affected": [],
"aliases": [
"CVE-2018-19991"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-10T00:29:00Z",
"severity": "CRITICAL"
},
"details": "VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.",
"id": "GHSA-x3gm-fcg7-59j9",
"modified": "2022-05-13T01:19:50Z",
"published": "2022-05-13T01:19:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19991"
},
{
"type": "WEB",
"url": "https://github.com/alexazhou/VeryNginx/issues/218"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X4HG-95C5-C2VP
Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2022-10-14 12:00A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.
{
"affected": [],
"aliases": [
"CVE-2022-20920"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-10T21:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.",
"id": "GHSA-x4hg-95c5-c2vp",
"modified": "2022-10-14T12:00:24Z",
"published": "2022-10-11T12:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20920"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X4RG-4545-4W7W
Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2021-11-03 14:59Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/facebook/fbthrift"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.31.1-0.20190225164308-c461c1bd1a3e"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-3564"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-755",
"CWE-834"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-17T15:32:10Z",
"nvd_published_at": "2019-05-06T16:29:00Z",
"severity": "HIGH"
},
"details": "Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.",
"id": "GHSA-x4rg-4545-4w7w",
"modified": "2021-11-03T14:59:45Z",
"published": "2022-02-15T01:57:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3564"
},
{
"type": "WEB",
"url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156"
},
{
"type": "PACKAGE",
"url": "https://github.com/facebook/fbthrift"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0088"
},
{
"type": "WEB",
"url": "https://www.facebook.com/security/advisories/cve-2019-3564"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Input Validation and Excessive Iteration in Go Facebook Thrift"
}
GHSA-X5H3-RQVH-323H
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2021-43272"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-14T21:15:00Z",
"severity": "CRITICAL"
},
"details": "An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process.",
"id": "GHSA-x5h3-rqvh-323h",
"modified": "2022-05-24T19:20:39Z",
"published": "2022-05-24T19:20:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43272"
},
{
"type": "WEB",
"url": "https://www.opendesign.com/security-advisories"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1358"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1360"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1363"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X5P5-2M3R-XHG9
Vulnerability from github – Published: 2025-08-06 03:30 – Updated: 2025-08-06 03:30Vulnerability of improper processing of abnormal conditions in huge page separation. Impact: Successful exploitation of this vulnerability may affect availability.
{
"affected": [],
"aliases": [
"CVE-2025-54634"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-06T03:15:26Z",
"severity": "HIGH"
},
"details": "Vulnerability of improper processing of abnormal conditions in huge page separation.\nImpact: Successful exploitation of this vulnerability may affect availability.",
"id": "GHSA-x5p5-2m3r-xhg9",
"modified": "2025-08-06T03:30:27Z",
"published": "2025-08-06T03:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54634"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X62C-6MXR-74FH
Vulnerability from github – Published: 2022-07-21 00:00 – Updated: 2025-05-05 18:32In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
{
"affected": [],
"aliases": [
"CVE-2021-46828"
],
"database_specific": {
"cwe_ids": [
"CWE-755",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-20T06:15:00Z",
"severity": "HIGH"
},
"details": "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.",
"id": "GHSA-x62c-6mxr-74fh",
"modified": "2025-05-05T18:32:12Z",
"published": "2022-07-21T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46828"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00004.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-33"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221007-0004"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5200"
},
{
"type": "WEB",
"url": "http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=86529758570cef4c73fb9b9c4104fdc510f701ed"
},
{
"type": "WEB",
"url": "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X6PX-8WP8-5CWQ
Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-03-11 00:31An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS).
When an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks.
This issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue.
This issue affects Junos OS:
- all versions before 21.2R3-S9,
- from 21.4 before 21.4R3-S10,
- from 22.2 before 22.2R3-S7,
- from 22.3 before 22.3R3-S4,
- from 22.4 before 22.4R3-S5,
- from 23.2 before 23.2R2-S3,
- from 23.4 before 23.4R2-S3,
- from 24.2 before 24.2R1-S2, 24.2R2.
{
"affected": [],
"aliases": [
"CVE-2026-0203"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-15T21:16:05Z",
"severity": "HIGH"
},
"details": "An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS).\n\n\n\nWhen an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks.\n\nThis issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * all versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S7,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2.",
"id": "GHSA-x6px-8wp8-5cwq",
"modified": "2026-03-11T00:31:30Z",
"published": "2026-01-15T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0203"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA104294"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA104294"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-X6RF-4V3V-MFMW
Vulnerability from github – Published: 2024-11-08 06:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
remoteproc: k3-r5: Fix error handling when power-up failed
By simply bailing out, the driver was violating its rule and internal assumptions that either both or no rproc should be initialized. E.g., this could cause the first core to be available but not the second one, leading to crashes on its shutdown later on while trying to dereference that second instance.
{
"affected": [],
"aliases": [
"CVE-2024-50176"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-08T06:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: k3-r5: Fix error handling when power-up failed\n\nBy simply bailing out, the driver was violating its rule and internal\nassumptions that either both or no rproc should be initialized. E.g.,\nthis could cause the first core to be available but not the second one,\nleading to crashes on its shutdown later on while trying to dereference\nthat second instance.",
"id": "GHSA-x6rf-4v3v-mfmw",
"modified": "2025-11-04T00:31:57Z",
"published": "2024-11-08T06:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50176"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7afb5e3aa989c479979faeb18768a67889a7a9c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/87ab3af7447791d0c619610fd560bd804549e187"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ab27eb5866ccbf57715cfdba4b03d57776092fb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/afd102bde99d90ef41e043c846ea34b04433eb7b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc71c23958931713b5e76f317b76be37189f2516"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.