Jie Wang

Researcher fromHuawei
#12887of 53,633
20.8Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2025-4330
5.5
2025-01-08
Linux · Linux Kernel · CVE-2025-21649
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, which caused a kernel crash when 1588 was sent on HIP08 devices. The issue occurred because HIP08 devices do not register the ptp devices, resulting in a NULL pointer dereference. The tx process attempted to set hardware time stamp info with the SKBTX HW TSTAMP flag, leading to the crash. The vulnerability is related to the `hclge ptp set tx info` function and the `hns3 nic net xmit` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-32869
7.5
2023-12-24
Netentsec · Netentsec Ns-Asg Application Security Gateway · CVE-2023-7094
**Name of the Vulnerable Software and Affected Versions** Netentsec NS-ASG Application Security Gateway version 6.3 **Description** A vulnerability was found in the Netentsec NS-ASG Application Security Gateway, affecting an unknown functionality of the file /protocol/nsasg6.0.tgz. This issue leads to information disclosure and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For Netentsec NS-ASG Application Security Gateway version 6.3, consider restricting access to the file /protocol/nsasg6.0.tgz to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-8122
7.8
2021-12-12
Linux · Linux Kernel · CVE-2021-47596
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free bug in the `hclgevf send mbx msg` function of the Hisilicon HNS3 network driver in the Linux kernel. This bug occurs because the `hns3 remove` function uninstalls the client instance first and then the acceleration engine device, but the acceleration engine device uninstall process still uses the freed netdevice to trace runtime information. The exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.