SUSE CVE-2005-3107

fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service deadlock by forcing a core dump when the traced thread is in the TASKTRACED state...

SUSE CVE-2015-6654

The xenmemaddtophysmapone function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map t...

SUSE CVE-2018-17182

An issue was discovered in the Linux kernel through 4.18.8. The vmacacheflushall function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free and possibly gain privileges via certain thread creation, map, unmap, invalidation, and dereference operations...

SUSE CVE-2022-0175

A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...

kernel: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffermutex and mmaplock syzbot caught a potential deadlock between the PCM runtime-buffermutex and the mm-mmaplock. It was brought by the recent fix to cover the racy read/write and other...

kernel: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffermutex and mmaplock syzbot caught a potential deadlock between the PCM runtime-buffermutex and the mm-mmaplock. It was brought by the recent fix to cover the racy read/write and other...

net.praqma:memory-map (>=2.2.0 <=2.2.1), org.jenkins-ci.plugins.workflow:workflow-aggregator (>=2.1 <=2.4) +5 more potentially affected by CVE-2022-43408 via org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view (>=1.3 <=2.10)

org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view MAVEN version =1.3, =2.2.0, =2.1, =2.0.5, =1.0.0, =1.0.0, =1.0.2 Source cves: CVE-2022-43408 Source advisory: OSV:GHSA-G975-F26H-93G8...

Linux kernel 竞争条件问题漏洞

Linux Kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux Kernel is vulnerable to a contention condition issue. The vulnerability stems from a copy-on-write COW corruption in the memory subsystem's handling of private read-only shared memory maps. A loca...

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

com.testinium.jenkins:testinium (=1.0), io.fabric8.jenkins.plugins:openshift-sync (>=0.9.1 <=1.0.45) +34 more potentially affected by CVE-2022-25175 via org.jenkins-ci.plugins.workflow:workflow-multibranch (>=2.0 <=2.9.2)

org.jenkins-ci.plugins.workflow:workflow-multibranch MAVEN version =2.0, =0.9.1, =1.0-alpha-1, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-1, =1.1.0, =1.0-alpha-1, =2021.12.0, =2.2.0, =2.0, =2.5 and more Source cves: CVE-2022-25175 Source advisory:...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +38 more potentially affected by CVE-2022-25183 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.7)

org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.2.0, =1.0, =1.0, =1.0, =0.1-beta-5, =2.5 and more Source cves: CVE-2022-25183 Source advisory: OSV:GHSA-PFWP-Q984-W7WH...

Amazon Linux 2 : qemu (ALAS-2021-1671)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1671 advisory. A heap buffer overflow flaw was found in the iSCSI support of QEMU. This flaw could lead to an out-of- bounds read access and...

UBUNTU-CVE-2021-31347

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files writing outside a memory region created by mmap...

QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c

A reachable assertion vulnerability was found in the USB EHCI emulation code of QEMU. This issue occurs while processing USB requests due to missed handling of DMA memory map failure. This flaw allows a malicious privileged user within the guest to send bogus USB requests and crash the QEMU proce...

QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c

A reachable assertion vulnerability was found in the USB EHCI emulation code of QEMU. This issue occurs while processing USB requests due to missed handling of DMA memory map failure. This flaw allows a malicious privileged user within the guest to send bogus USB requests and crash the QEMU proce...

Qualcomm Graphics Access Control Error Vulnerability

Qualcomm Graphics is a Qualcomm graphics support firmware for use on processors. A security vulnerability exists in Qualcomm Graphics that stems from the use of mmap, where the kgsl driver has a special offset value that can be supplied to map the GPU memstore to user space...

[ASA-202012-26] qemu: multiple issues

Arch Linux Security Advisory ASA-202012-26 ========================================== Severity: Medium Date : 2020-12-16 CVE-ID : CVE-2020-14364 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-28916 Package : qemu Type : multiple issues Remote : No Link :...

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host resulting in a denial of service.

...

DEBIAN-CVE-2020-25723

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on t...