966 matches found
PT-2026-39096
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the rust binder component where oneway spam detection was flawed. In TreeRange, the spam detection logic executed before the current request was inserted into the tree...
CVE-2026-37526
AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...
Automotive Grade Linux app-framework-binder 安全漏洞
Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. A security vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from the existence of elevation of privilege in...
CVE-2026-37526
AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...
CVE-2026-37525
AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...
EUVD-2026-26681
AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...
PT-2026-36503
Name of the Vulnerable Software and Affected Versions AGL app-framework-binder afb-daemon versions prior to 19.90.1 Description A privilege escalation issue exists in the supervision Do command. The on supervision call function in src/afb-supervision.c nullifies request credentials by calling afb...
CVE-2026-37525
AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-;context, NULL before...
CVE-2026-37526
AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...
CVE-2026-37525
AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...
CVE-2026-37525
The CVE-2026-37525 entry concerns the AGL app-framework-binder (afb-daemon) up to v19.90.0. The vulnerability resides in the supervision Do command: the on_supervision_call path explicitly_nullifies credentials via afb_context_change_cred(&xreq->context, NULL) before dispatching an attacker-co...
Automotive Grade Linux app-framework-binder 访问控制错误漏洞
Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. An Access Control Error vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from a lack of authentication on...
WOOTdroid: Whole-System Online On-Device Tracing for Android
System auditing on Android faces two problems. First, existing syscall tracers lose events under load, silently overwriting entries faster than a user space reader can drain them. Second, security-relevant application behavior is mediated through Binder, Android's kernel IPC mechanism, and is...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013568)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013568 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013343)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013343 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix memory leak in binderinit In binderinit, the destruction of binderallocshrinkerinit i...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010785)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010785 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013295)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013295 advisory. In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007248)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007248 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in bindergetobject Commit 6d98eb95b450 binder: avoid potential dat...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007389)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007389 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BCFREEBUFFER processing, the BINDERTYPEFDA object...
Security Bulletin: vulerability in IBM Spectrum Symphony with spring framework
Summary vulerability in IBM Spectrum Symphony with spring framework Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...