40 matches found
USN-6080-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Zheng Wang discovered that the Intel i915 graphics...
USN-5877-1 linux-gke-5.15 vulnerabilities
Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...
USN-5815-1 linux-bluefield vulnerabilities
It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-20421 David Leadbeater...
USN-5792-2 linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities
Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization SEV. A local attacker could possibly use this to cause a denial of service host system crash. CVE-2022-0171 It was discovered th...
Ubuntu: Security Advisory (USN-5790-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5793-1: Linux kernel vulnerabilities
It was discovered that the iouring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3910 ...
USN-5792-1: Linux kernel vulnerabilities
Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization SEV. A local attacker could possibly use this to cause a denial of service host system crash. CVE-2022-0171 It was discovered th...
PT-2022-33842 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.61 Description: The issue concerns the android: binder, specifically stopping the saving of a pointer to the VMA. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
PT-2022-33489 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: The issue concerns the android: binder, where a pointer to the VMA is saved. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
CVE-2021-39686
A race condition was found in the Linux kernel Android binder driver. The driver is not included to the other kernels, apart from Android devices. This issue could allow a local user to crash the system or potentially escalate their privileges on the system...
Debian DLA-2114-1 : linux-4.9 security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-13093, CVE-2018-13094 Wen Xu from SSLab at Gatech reported several NULL pointer dereference flaws that may be triggered when mounting and...
[SECURITY] [DLA 2114-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.210-1deb8u1 CVE ID : CVE-2018-13093 CVE-2018-13094 CVE-2018-20976 CVE-2018-21008 CVE-2019-0136 CVE-2019-2215 CVE-2019-10220 CVE-2019-14615 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15098...
Android Binder Use After Free (CVE-2019-2215)
A use-after-free vulnerability exists in Android Binder. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Vulnerability of the driver /drivers/android/binder.c in the Android operating system, allowing a hacker to gain full control over the device
The vulnerability in the Android operating system’s driver/driver/binder.c code relates to the use of memory after it is freed. Exploiting this vulnerability can allow a hacker to gain full control over the device by using a specially created application...
Google Android Binder Qualcomm Component Elevation of Privilege Vulnerability
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Google Android Binder Qualcomm component. An attacker can exploit this vulnerability to achieve elevation of privile...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Binder application configuration in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Android tlc_server Heap Overflow Vulnerability
Android suffers from a heap overflow vulnerability in the tlcserver via the LOADTUIRESOURCE command. Android: Heap-overflow in "tlcserver" via LOADTUIRESOURCE command As a part of the TrustZone framework available on Samsung devices, Samsung provides an Android daemon which enables communication...
CVE-2016-2440
libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896...
Android Binder Elevation of Privilege Vulnerability
Android is an open source operating system based on Linux. Android Binder has a security vulnerability that allows a remote attacker to build malicious apps with elevated privileges...
Android-libcutils library integer overflow leading to heap damage vulnerability discovery and exploit-vulnerability warning-the black bar safety net
Before reading this article, you best understand the Android Binder mechanism, for graphics system BufferQueue principle, the heap Manager jemalloc the basic principles. This article describes how to use the libcutils library stack damage vulnerability get systemserver permissions, this...