Early Access — Mondoo Vulnerability Intelligence is currently in preview.
In the Linux kernel, the following vulnerability has been resolved:
of: fdt: fix off-by-one error in unflatten_dt_nodes()
Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which makes it possible to overflow the nps[] buffer...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:H7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H