August 20, 2020—KB4571748 (OS Build 17763.1432) Preview

August 20, 2020—KB4571748 OS Build 17763.1432 Preview IMPORTANT Starting in July 2020, we will resume non-security releases for Windows 10 and Windows Server, version 1809 and later. There is no change to the cumulative monthly security updates also referred to as the "B" release or Update Tuesda...

CVE-2020-25639

A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality in the way the user calls ioctl DRMIOCTLNOUVEAUCHANNELALLOC. This flaw allows a local user to crash the system. Mitigation To mitigate this issue, prevent the module nouveau from being loaded. Please...

Attacking the Qualcomm Adreno GPU

Posted by Ben Hawkes, Project Zero When writing an Android exploit, breaking out of the application sandbox is often a key step. There are a wide range of remote attacks that give you code execution with the privileges of an application like the browser or a messaging application, but a sandbox...

AMD Radeon DirectX 11 Driver Vulnerabilities - Lenovo Support US

No description provided...

CVE-2019-0155

A flaw was found in the Intel graphics hardware GPU, where a local attacker with the ability to issue commands to the GPU could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privilege MMIO operations, not limited to th...

Information Leak

Mozilla Developer Nicolas Silva is vulnerable to information leak. It is found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content...

The vulnerability of the RemoteFX vGPU component in the Microsoft Hyper-V hardware virtualization system’s operating system Windows allows a attacker to execute arbitrary code.

The vulnerability of the RemoteFX vGPU component in the Microsoft Hyper-V hardware virtualization system’s operating system Windows exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted...

Security Bulletin: WML CE: TensorFlow: In SQLite before 3.32.3, select.c mishandles query-flattener optimization

Summary In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. TensorFlow in WML CE uses SQLite as its embedded SQL database engine. Vulnerability Details CVEID:...

Microsoft Hyper-V RemoteFX vGPU Resource Management Error Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. Windows Hyper-V is one of the virtualization products that supports...

Microsoft Windows Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. Windows Hyper-V is one of the virtualization products that supports...

Microsoft Hyper-V RemoteFX vGPU Buffer Overflow Vulnerability (CNVD-2020-45323)

Microsoft Windows is a popular operating system. A buffer overflow vulnerability exists in Microsoft Hyper-V RemoteFX vGPU. An attacker can exploit this vulnerability by running a specially crafted application on a virtual machine operating system to execute arbitrary code on the host operating...

Security Bulletin: WML CE: Pillow before 7.1.0 has multiple out-of-bounds reads

Summary Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. PyTorch and TensorFlow use Pillow. Vulnerability Details CVEID: CVE-2020-10177 DESCRIPTION: Pillow could allow a remote attacker to obtain sensitive information, caused by multiple out-of-bounds reads in...

Security Bulletin: WML CE: In Pillow before 7.1.0, there is a Buffer Overflow

Summary In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. PyTorch and TensorFlow uses Pillow. Vulnerability Details CVEID: CVE-2020-10378 DESCRIPTION: Pillow could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when readin...

Security Bulletin: WML CE: WML CE: SQLite through 3.32.0 has various security issues.

Summary TensorFlow in WML CE uses SQLite as its embedded SQL database engine. SQLite through 3.32.0 has various security issues. Vulnerability Details CVEID: CVE-2020-13631 DESCRIPTION: SQLite could allow a remote attacker to bypass security restrictions, caused by a flaw in the alter.c and...

The vulnerability of the RemoteFX vGPU component in the Microsoft Hyper-V hardware virtualization system’s operating system Windows allows a attacker to execute arbitrary code.

The vulnerability of the RemoteFX vGPU component in the Microsoft Hyper-V hardware virtualization system’s operating system Windows exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted...

The vulnerability of the RemoteFX vGPU component in the Microsoft Hyper-V hardware virtualization system’s operating system Windows allows a attacker to execute arbitrary code.

The vulnerability of the RemoteFX vGPU component in the Microsoft Hyper-V hardware virtualization system’s operating system Windows exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted...

CVE-2020-1036

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-104...

NVIDIA GPU Display Driver - June 2020 Security Bulletin - Lenovo Support US

No description provided...

NVIDIA Linux GPU Display (June 2020)

The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - A code execution vulnerability exists in the Inter Process Communication APIs due to improper access control. An authenticated, local attacker can...

NVIDIA Windows GPU Display Driver (June 2020)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in the Control Panel component. An authenticated, local attacker can exploit this via corrupting a system file, to gain privileged access to the system or...