Yocto Linux Foundation Yocto

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Linux Foundation Yocto.

By the Year

In 2025 there have been 0 vulnerabilities in Linux Foundation Yocto. Last year, in 2024 Yocto had 3 security vulnerabilities published. Right now, Yocto is on track to have less security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 3 5.43
2023 40 6.32
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Yocto vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Linux Foundation Yocto Security Vulnerabilities

In power, there is a possible out of bounds read due to a missing bounds check

CVE-2024-20085 4.4 - Medium - September 02, 2024

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.

Out-of-bounds Read

In power, there is a possible out of bounds read due to a missing bounds check

CVE-2024-20084 4.4 - Medium - September 02, 2024

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.

Out-of-bounds Read

In wlan, there is a possible denial of service due to incorrect error handling

CVE-2024-20089 7.5 - High - September 02, 2024

In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.

Improper Check for Unusual or Exceptional Conditions

In apusys, there is a possible out of bounds write due to an integer overflow

CVE-2023-32829 6.7 - Medium - October 02, 2023

In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.

Integer Overflow or Wraparound

In wlan firmware, there is a possible firmware assertion due to improper input handling

CVE-2023-32820 7.5 - High - October 02, 2023

In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637.

assertion failure

In gps, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20829 6.7 - Medium - September 04, 2023

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148.

Memory Corruption

In imgsys, there is a possible out of bounds read and write due to a missing valid range checking

CVE-2023-20840 6.5 - Medium - September 04, 2023

In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430.

Out-of-bounds Read

In imgsys, there is a possible out of bounds write due to a missing valid range checking

CVE-2023-20841 6.5 - Medium - September 04, 2023

In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.

Memory Corruption

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking

CVE-2023-20842 6.5 - Medium - September 04, 2023

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.

Memory Corruption

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking

CVE-2023-20848 6.5 - Medium - September 04, 2023

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.

Out-of-bounds Read

In wlan driver, there is a possible out of bounds write due to improper input validation

CVE-2023-32806 6.7 - Medium - September 04, 2023

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589.

Memory Corruption

In gnss service, there is a possible out of bounds write due to improper input validation

CVE-2023-32812 6.7 - Medium - September 04, 2023

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.

Memory Corruption

In camsys, there is a possible use after free due to a race condition

CVE-2023-20835 6.4 - Medium - September 04, 2023

In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.

Race Condition

In nvram, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20821 6.7 - Medium - September 04, 2023

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.

Memory Corruption

In gps, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20828 6.7 - Medium - September 04, 2023

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144.

Memory Corruption

In gps, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20830 6.7 - Medium - September 04, 2023

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.

Memory Corruption

In gps, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20831 6.7 - Medium - September 04, 2023

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014162.

Memory Corruption

In gps, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20832 6.7 - Medium - September 04, 2023

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.

Memory Corruption

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking

CVE-2023-20849 6.5 - Medium - September 04, 2023

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.

Dangling pointer

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking

CVE-2023-20850 6.5 - Medium - September 04, 2023

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.

Memory Corruption

In connectivity system driver, there is a possible out of bounds write due to improper input validation

CVE-2023-32811 6.7 - Medium - September 04, 2023

In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.

Memory Corruption

In imgsys, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20805 6.7 - Medium - August 07, 2023

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.

Memory Corruption

In imgsys, there is a possible system crash due to a mssing ptr check

CVE-2023-20800 6.5 - Medium - August 07, 2023

In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.

In imgsys, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20804 6.7 - Medium - August 07, 2023

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.

Memory Corruption

In imgsys, there is a possible memory corruption due to improper input validation

CVE-2023-20803 6.5 - Medium - August 07, 2023

In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.

Memory Corruption

In vcu, there is a possible out of bounds write due to a race condition

CVE-2023-20736 6.4 - Medium - June 06, 2023

In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645189.

Race Condition

In wlan, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20728 4.4 - Medium - June 06, 2023

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603.

Out-of-bounds Read

In wlan, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20729 4.4 - Medium - June 06, 2023

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575.

Out-of-bounds Read

In wlan, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20730 4.4 - Medium - June 06, 2023

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573552.

Out-of-bounds Read

In wlan, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20731 4.4 - Medium - June 06, 2023

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495.

Out-of-bounds Read

In wlan, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20732 6.7 - Medium - June 06, 2023

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480.

Memory Corruption

In vcu, there is a possible use after free due to improper locking

CVE-2023-20733 6.7 - Medium - June 06, 2023

In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149.

Improper Locking

In vcu, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20734 6.7 - Medium - June 06, 2023

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645184.

Memory Corruption

In vcu, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20735 6.7 - Medium - June 06, 2023

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178.

Memory Corruption

In vcu, there is a possible use after free due to improper locking

CVE-2023-20737 6.7 - Medium - June 06, 2023

In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645167.

Improper Locking

In vcu, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20738 6.7 - Medium - June 06, 2023

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645173.

Memory Corruption

In vcu, there is a possible memory corruption due to a logic error

CVE-2023-20740 6.7 - Medium - June 06, 2023

In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559840.

Memory Corruption

In vcu, there is a possible out of bounds write due to improper locking

CVE-2023-20743 6.7 - Medium - June 06, 2023

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142.

Improper Locking

In vcu, there is a possible use after free due to a logic error

CVE-2023-20744 6.7 - Medium - June 06, 2023

In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200.

Dangling pointer

In vcu, there is a possible out of bounds write due to improper locking

CVE-2023-20745 6.7 - Medium - June 06, 2023

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694.

Improper Locking

In vcu, there is a possible out of bounds write due to improper locking

CVE-2023-20746 6.7 - Medium - June 06, 2023

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217.

Improper Locking

In vcu, there is a possible memory corruption due to type confusion

CVE-2023-20747 4.4 - Medium - June 06, 2023

In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.

Object Type Confusion

In wlan, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20727 4.4 - Medium - June 06, 2023

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Google Android or by Linux Foundation? Click the Watch button to subscribe.

subscribe