SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:2324-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2324-1 advisory. - An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an...

Information disclosure

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...

CVE-2021-0654

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...

CVE-2021-0654

Summary: CVE-2021-0654 affects Android Pixel launcher (CVE entry tied to Android kernel/TaskThumbnailView.java) with information disclosure from locked profiles due to a missing permission check in isRealSnapshot. Exploitation requires user interaction; local information disclosure is possible wi...

CVE-2021-0608

In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

CVE-2021-0605

In pfkeydump of afkey.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2021-0606

In drmsyncobjhandletofd of drmsyncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2021-0605

In pfkeydump of afkey.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Out-of-bounds

In pfkeydump of afkey.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Design/Logic Flaw

In drmsyncobjhandletofd of drmsyncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

UBUNTU-CVE-2021-0605

In pfkeydump of afkey.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

UBUNTU-CVE-2021-0606

In drmsyncobjhandletofd of drmsyncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2021-0606

In drmsyncobjhandletofd of drmsyncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2021-0605

In pfkeydump of afkey.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Out-of-bounds

In iaxxxcalci2sdiv of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2021-0608

The CVE-2021-0608 entry concerns Android’s AppLaunchActivity.handleAppLaunch, with a local elevation-of-privilege via a confused deputy. Affected component: Pixel Launcher on Pixel devices (and related Android kernel/framework context as per mappings). Root cause: improper handling in AppLaunchAc...

CVE-2021-0607

CVE-2021-0607 affects the Android kernel in the Knowles IAXXX adnc driver. The issue is in iaxxx_calc_i2s_div (iaxxx-codec.c) where a missing bounds check on a hardware port write allows an attacker with local access to supply data that leads to local elevation of privilege. Exploitation requires...

CVE-2021-0606

In drmsyncobjhandletofd of drmsyncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2021-0605

In pfkeydump of afkey.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

DEBIAN-CVE-2021-0512

In hidinputchangeresolutionmultipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...