PT-2022-19457 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: There is a potential for segfault / denial of service in TensorFlow by calling...

CVE-2022-21685

CVE-2022-21685 affects Frontier’s MODEXP precompile in Substrate’s Ethereum compatibility layer. The root cause is a bug in the MODEXP precompile that can trigger an integer underflow. Impact: Debug builds: possible node crash Release/WebAssembly: limited impact to EVM out-of-gasMitigation: apply...

CVE-2021-41138

Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...

CVE-2021-41138

CVE-2021-41138 concerns Frontier, Substrate’s Ethereum compatibility layer. A signed Frontier-specific extrinsic for pallet-ethereum caused many validation checks to run only during transaction pool validation, not during block execution, allowing malicious validators to include invalid transacti...

Input validation

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid...

CVE-2021-39193

CVE-2021-39193 concerns Frontier’s Ethereum compatibility layer (Frontier) and specifically a bug in the Substrate pallet-ethereum. Before commit 0b962f218f0cdd796dadfe26c3f09e68f7861b26, input data size validation was faulty, which could allow invalid transactions to be included in the Ethereum ...

Google Fixes High-Severity Chrome Browser Code Execution Bug

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week. The flaw CVE-2020-6492 is a use-after-free vulnerability in the WebGL We...

[SECURITY] Fedora 30 Update: blis-0.6.0-4.fc30

BLIS is a portable software framework for instantiating high-performance BLAS-like dense linear algebra libraries. The framework was designed to isolate essential kernels of computation that, when optimized, immediately enable optimized implementations of most of its commonly used and...

Privilege Escalation

Linux kernel is vulnerable to privilege escalation vulnerability. This occurs in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel. An attacker to overwrite a kernel memory from an unprivileged userspace process causing a privilege escalation...

The compatibility subsystem for running Linux applications allows the Windows Subsystem for Linux operating systems to enable attackers to elevate their privileges and execute arbitrary code.

The vulnerability of the compatibility subsystem for running Linux applications stems from a numerical overflow. Exploiting this vulnerability allows an attacker to enhance their privileges and execute arbitrary code using a specially created application...

Debian DSA-4120-1 : linux - security update (Meltdown) (Spectre)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker...

Design/Logic Flaw

The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors...

Code injection

The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."...

CVE-2016-1880

The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."...

CVE-2016-1883

The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors...

CVE-2016-1883

Removed by vendor...

CVE-2016-1880

Removed by vendor...

CVE-2016-1883

The CVE-2016-1883 entry describes a programming error in FreeBSD’s Linux compatibility layer that could cause the issetugid(2) system call to return incorrect information. Impact: if an application relies on that output, a privilege escalation could occur. Affected releases: FreeBSD stable/9 (9.3...

CVE-2016-1880

CVE-2016-1880 concerns FreeBSD’s Linux binary compatibility layer. The issue arises from a programming error in handling Linux futex robust lists, potentially allowing a local user to read portions of kernel memory and escalate privileges on affected systems. Affected: FreeBSD versions with Linux...

FreeBSD-SA-16:10.linux

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:10.linux Security Advisory The FreeBSD Project Topic: Linux compatibility layer issetugid2 system call vulnerability Category: core Module: kernel Announced:...