Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11291 vulnerabilities reference this CWE, most recent first.

GHSA-X8VH-7CVG-XW74

Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2025-09-17 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()

Currently, there is no terminator entry for ath12k_qmi_msg_handlers hence facing below KASAN warning,

================================================================== BUG: KASAN: global-out-of-bounds in qmi_invoke_handler+0xa4/0x148 Read of size 8 at addr ffffffd00a6428d8 by task kworker/u8:2/1273

CPU: 0 PID: 1273 Comm: kworker/u8:2 Not tainted 5.4.213 #0 Workqueue: qmi_msg_handler qmi_data_ready_work Call trace: dump_backtrace+0x0/0x20c show_stack+0x14/0x1c dump_stack+0xe0/0x138 print_address_description.isra.5+0x30/0x330 __kasan_report+0x16c/0x1bc kasan_report+0xc/0x14 __asan_load8+0xa8/0xb0 qmi_invoke_handler+0xa4/0x148 qmi_handle_message+0x18c/0x1bc qmi_data_ready_work+0x4ec/0x528 process_one_work+0x2c0/0x440 worker_thread+0x324/0x4b8 kthread+0x210/0x228 ret_from_fork+0x10/0x18

The address belongs to the variable: ath12k_mac_mon_status_filter_default+0x4bd8/0xfffffffffffe2300 [ath12k] [...] ==================================================================

Add a dummy terminator entry at the end to assist the qmi_invoke_handler() in traversing up to the terminator entry without accessing an out-of-boundary index.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-19T14:15:17Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix out-of-bound access of qmi_invoke_handler()\n\nCurrently, there is no terminator entry for ath12k_qmi_msg_handlers hence\nfacing below KASAN warning,\n\n ==================================================================\n BUG: KASAN: global-out-of-bounds in qmi_invoke_handler+0xa4/0x148\n Read of size 8 at addr ffffffd00a6428d8 by task kworker/u8:2/1273\n\n CPU: 0 PID: 1273 Comm: kworker/u8:2 Not tainted 5.4.213 #0\n Workqueue: qmi_msg_handler qmi_data_ready_work\n Call trace:\n  dump_backtrace+0x0/0x20c\n  show_stack+0x14/0x1c\n  dump_stack+0xe0/0x138\n  print_address_description.isra.5+0x30/0x330\n  __kasan_report+0x16c/0x1bc\n  kasan_report+0xc/0x14\n  __asan_load8+0xa8/0xb0\n  qmi_invoke_handler+0xa4/0x148\n  qmi_handle_message+0x18c/0x1bc\n  qmi_data_ready_work+0x4ec/0x528\n  process_one_work+0x2c0/0x440\n  worker_thread+0x324/0x4b8\n  kthread+0x210/0x228\n  ret_from_fork+0x10/0x18\n\n The address belongs to the variable:\n  ath12k_mac_mon_status_filter_default+0x4bd8/0xfffffffffffe2300 [ath12k]\n [...]\n ==================================================================\n\nAdd a dummy terminator entry at the end to assist the qmi_invoke_handler()\nin traversing up to the terminator entry without accessing an\nout-of-boundary index.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
  "id": "GHSA-x8vh-7cvg-xw74",
  "modified": "2025-09-17T21:30:40Z",
  "published": "2024-06-19T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38572"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95575de7dede7b1ed3b9718dab9dda97914ea775"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1abdb63628b04855a929850772de97435ed1555"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b48d40f5840c505b7af700594aa8379eec28e925"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e1bdff48a1bb4a4ac660c19c55a820968c48b3f2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8W9-FQ97-PWWH

Vulnerability from github – Published: 2024-05-16 12:30 – Updated: 2024-05-16 12:30
VLAI
Details

Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-16T12:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-x8w9-fq97-pwwh",
  "modified": "2024-05-16T12:30:22Z",
  "published": "2024-05-16T12:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30287"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/framemaker/apsb24-37.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8X2-935G-9QF2

Vulnerability from github – Published: 2024-05-23 09:30 – Updated: 2024-05-23 09:30
VLAI
Details

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-23T09:15:09Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-x8x2-935g-9qf2",
  "modified": "2024-05-23T09:30:28Z",
  "published": "2024-05-23T09:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30280"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X93J-FM3W-M5V9

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12967"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-19T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.",
  "id": "GHSA-x93j-fm3w-m5v9",
  "modified": "2022-05-13T01:42:49Z",
  "published": "2022-05-13T01:42:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12967"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201801-01"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21962"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100462"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X93X-R5X8-P67X

Vulnerability from github – Published: 2025-06-06 18:30 – Updated: 2025-06-18 18:30
VLAI
Details

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.

We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-06T16:15:24Z",
    "severity": "LOW"
  },
  "details": "An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local  attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later",
  "id": "GHSA-x93x-r5x8-p67x",
  "modified": "2025-06-18T18:30:31Z",
  "published": "2025-06-06T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29871"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-25-16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X948-4P56-VXGF

Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31
VLAI
Details

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T15:15:28Z",
    "severity": "MODERATE"
  },
  "details": "Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-x948-4p56-vxgf",
  "modified": "2024-08-14T15:31:18Z",
  "published": "2024-08-14T15:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41832"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X953-C6CQ-WQ8X

Vulnerability from github – Published: 2026-05-06 21:31 – Updated: 2026-05-07 01:05
VLAI
Details

Out of bounds read in Fonts in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T19:16:38Z",
    "severity": "MODERATE"
  },
  "details": "Out of bounds read in Fonts in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-x953-c6cq-wq8x",
  "modified": "2026-05-07T01:05:49Z",
  "published": "2026-05-06T21:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7904"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/492350406"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X96J-4M6X-JCVX

Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2026-05-12 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix oob access in cgroup local storage

Lonial reported that an out-of-bounds access in cgroup local storage can be crafted via tail calls. Given two programs each utilizing a cgroup local storage with a different value size, and one program doing a tail call into the other. The verifier will validate each of the indivial programs just fine. However, in the runtime context the bpf_cg_run_ctx holds an bpf_prog_array_item which contains the BPF program as well as any cgroup local storage flavor the program uses. Helpers such as bpf_get_local_storage() pick this up from the runtime context:

ctx = container_of(current->bpf_ctx, struct bpf_cg_run_ctx, run_ctx); storage = ctx->prog_item->cgroup_storage[stype];

if (stype == BPF_CGROUP_STORAGE_SHARED) ptr = &READ_ONCE(storage->buf)->data[0]; else ptr = this_cpu_ptr(storage->percpu_buf);

For the second program which was called from the originally attached one, this means bpf_get_local_storage() will pick up the former program's map, not its own. With mismatching sizes, this can result in an unintended out-of-bounds access.

To fix this issue, we need to extend bpf_map_owner with an array of storage_cookie[] to match on i) the exact maps from the original program if the second program was using bpf_get_local_storage(), or ii) allow the tail call combination if the second program was not using any of the cgroup local storage maps.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38502"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-16T10:15:25Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix oob access in cgroup local storage\n\nLonial reported that an out-of-bounds access in cgroup local storage\ncan be crafted via tail calls. Given two programs each utilizing a\ncgroup local storage with a different value size, and one program\ndoing a tail call into the other. The verifier will validate each of\nthe indivial programs just fine. However, in the runtime context\nthe bpf_cg_run_ctx holds an bpf_prog_array_item which contains the\nBPF program as well as any cgroup local storage flavor the program\nuses. Helpers such as bpf_get_local_storage() pick this up from the\nruntime context:\n\n  ctx = container_of(current-\u003ebpf_ctx, struct bpf_cg_run_ctx, run_ctx);\n  storage = ctx-\u003eprog_item-\u003ecgroup_storage[stype];\n\n  if (stype == BPF_CGROUP_STORAGE_SHARED)\n    ptr = \u0026READ_ONCE(storage-\u003ebuf)-\u003edata[0];\n  else\n    ptr = this_cpu_ptr(storage-\u003epercpu_buf);\n\nFor the second program which was called from the originally attached\none, this means bpf_get_local_storage() will pick up the former\nprogram\u0027s map, not its own. With mismatching sizes, this can result\nin an unintended out-of-bounds access.\n\nTo fix this issue, we need to extend bpf_map_owner with an array of\nstorage_cookie[] to match on i) the exact maps from the original\nprogram if the second program was using bpf_get_local_storage(), or\nii) allow the tail call combination if the second program was not\nusing any of the cgroup local storage maps.",
  "id": "GHSA-x96j-4m6x-jcvx",
  "modified": "2026-05-12T15:30:58Z",
  "published": "2025-08-16T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38502"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19341d5c59e8c7e8528e40f8663e99d67810473c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41688d1fc5d163a6c2c0e95c0419e2cb31a44648"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66da7cee78590259b400e51a70622ccd41da7bb2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7acfa07c585e3d7a64654d38f0a5c762877d0b9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/abad3d0bad72a52137e0c350c59542d75ae4f513"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1c74584b9b4043c52e41fec415226e582d266a3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X96R-V34Q-Q4VV

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2022-05-13 01:09
VLAI
Details

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-04T00:29:00Z",
    "severity": "HIGH"
  },
  "details": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().",
  "id": "GHSA-x96r-v34q-q4vv",
  "modified": "2022-05-13T01:09:00Z",
  "published": "2022-05-13T01:09:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16429"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/glib/issues/1361"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3767-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3767-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X972-PCGH-84PG

Vulnerability from github – Published: 2026-02-06 09:30 – Updated: 2026-02-06 09:30
VLAI
Details

Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-06T09:15:51Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read vulnerability in the graphics module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-x972-pcgh-84pg",
  "modified": "2026-02-06T09:30:29Z",
  "published": "2026-02-06T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24929"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2026/2"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.