Linuxfoundation Yocto vulnerabilities

112 known vulnerabilities affecting linuxfoundation/yocto.

Total CVEs: 112
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 14, MEDIUM 93, LOW 2

Vulnerabilities

Page 3 of 6
CVE-2024-20022 | MEDIUM | CVSS 6.7 | v3.3 | 2024-03-04
CVE-2024-20022 [MEDIUM] CWE-125: In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255.
nvd
CVE-2024-20023 | MEDIUM | CVSS 6.7 | v3.3 | 2024-03-04
CVE-2024-20023 [MEDIUM] CWE-787: In flashc, there is a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.
nvd
CVE-2024-25626 | CRITICAL | CVSS 9.8 | fixed in 3.1.31 | ≥ 3.2, < 4.0.16 | +1 more | 2024-02-19
CVE-2024-25626 [CRITICAL] CWE-78: Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 (before and included Yocto Project 4.3.1), with the Toaster server (included in bitbake) running, missing input validation allows an attacker to perform a remot
nvd
CVE-2023-32855 | MEDIUM | CVSS 6.7 | v2.6, v3.3, +1 more | 2023-12-04
CVE-2023-32855 [MEDIUM] CWE-862: In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204.
nvd
CVE-2023-32820 | HIGH | CVSS 7.5 | v3.1, v3.3 | 2023-10-02
CVE-2023-32820 [HIGH] CWE-617: In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637.
nvd
CVE-2023-32829 | MEDIUM | CVSS 6.7 | v3.1, v3.3, +1 more | 2023-10-02
CVE-2023-32829 [MEDIUM] CWE-190: In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.
nvd
CVE-2023-32806 | MEDIUM | CVSS 6.7 | v4.0 | 2023-09-04
CVE-2023-32806 [MEDIUM] CWE-787: In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589.
nvd
CVE-2023-32813 | MEDIUM | CVSS 4.4 | v2.6 | 2023-09-04
CVE-2023-32813 [MEDIUM] CWE-787: In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.
nvd
CVE-2023-32810 | MEDIUM | CVSS 4.4 | v3.1, v3.3, +1 more | 2023-09-04
CVE-2023-32810 [MEDIUM] CWE-125: In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212.
nvd
CVE-2023-20821 | MEDIUM | CVSS 6.7 | v2.6 | 2023-09-04
CVE-2023-20821 [MEDIUM] CWE-787: In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.
nvd
CVE-2023-20832 | MEDIUM | CVSS 6.7 | v2.6 | 2023-09-04
CVE-2023-20832 [MEDIUM] CWE-787: In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.
nvd
CVE-2023-20841 | MEDIUM | CVSS 6.5 | v4.0 | 2023-09-04
CVE-2023-20841 [MEDIUM] CWE-787: In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.
nvd
CVE-2023-20848 | MEDIUM | CVSS 6.5 | v4.0 | 2023-09-04
CVE-2023-20848 [MEDIUM] CWE-125: In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.
nvd
CVE-2023-32807 | MEDIUM | CVSS 4.4 | v4.0 | 2023-09-04
CVE-2023-32807 [MEDIUM] CWE-125: In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588360; Issue ID: ALPS07588360.
nvd
CVE-2023-20849 | MEDIUM | CVSS 6.5 | v4.0 | 2023-09-04
CVE-2023-20849 [MEDIUM] CWE-416: In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.
nvd
CVE-2023-20828 | MEDIUM | CVSS 6.7 | v2.6 | 2023-09-04
CVE-2023-20828 [MEDIUM] CWE-787: In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144.
nvd
CVE-2023-32811 | MEDIUM | CVSS 6.7 | v4.0 | 2023-09-04
CVE-2023-32811 [MEDIUM] CWE-787: In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.
nvd
CVE-2023-20829 | MEDIUM | CVSS 6.7 | v2.6 | 2023-09-04
CVE-2023-20829 [MEDIUM] CWE-787: In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148.
nvd
CVE-2023-20839 | MEDIUM | CVSS 4.2 | v4.0 | 2023-09-04
CVE-2023-20839 [MEDIUM] CWE-125: In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409.
nvd
CVE-2023-20846 | MEDIUM | CVSS 4.2 | v4.0 | 2023-09-04
CVE-2023-20846 [MEDIUM] CWE-125: In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098.
nvd