
16 matches found

RedHat Linux
added 2025/05/13 8:28 a.m. · 3 views

kernel: mm, slub: avoid zeroing kmalloc redzone

In the Linux kernel, the following vulnerability has been resolved: mm, slub: avoid zeroing kmalloc redzone Since commit 946fa0dbf2d8 "mm/slub: extend redzone check to extra allocated kmalloc space than requested", setting orig_size treats the wasted space object_size - orig_size as a redzone. Howev...

CVSS 5.5 · AI score 6.8 · EPSS 0.00019
Exploits: 0 · References: 5
OSV
added 2024/10/21 6:1 p.m. · 4 views

CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone

In the Linux kernel, the following vulnerability has been resolved: mm, slub: avoid zeroing kmalloc redzone Since commit 946fa0dbf2d8 "mm/slub: extend redzone check to extra allocated kmalloc space than requested", setting orig_size treats the wasted space object_size - orig_size as a redzone. Howev...

CVSS 5.5 · AI score 6.3 · EPSS 0.00019
Exploits: 0 · References: 6
CVE
added 2024/10/21 6:1 p.m. · 131 views

CVE-2024-49885

CVE-2024-49885: Linux kernel mm/slub kmalloc redzone issue resolved. Root cause: orig_size handling treated wasted space as redzone and, with init_on_free=1, clears full object->size including metadata, causing check_object() to misclassify the object as redzone. Fix: clear the used area using...

CVSS 5.5 · AI score 5.3 · EPSS 0.00019
Exploits: 0 · References: 3 · Affected Software: 1
Debian CVE
added 2024/10/21 6:1 p.m. · 6 views

CVE-2024-49885

In the Linux kernel, the following vulnerability has been resolved: mm, slub: avoid zeroing kmalloc redzone Since commit 946fa0dbf2d8 "mm/slub: extend redzone check to extra allocated kmalloc space than requested", setting orig_size treats the wasted space object_size - orig_size as a redzone. Howev...

CVSS 5.5 · AI score 5.7 · EPSS 0.00019
Exploits: 0
Positive Technologies
added 2024/05/28 12:0 a.m. · 5 views

PT-2024-5523 · Minio +2

Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2024-05-27T19-17-46Z Description: The issue concerns the use of If-Modified-Since and If-Unmodified-Since headers with anonymous requests, allowing an attacker to determine if an object exists on the server in ...

CVSS 8.8 · AI score 9.3 · EPSS 0.94061
Exploits: 18 · References: 21
NVD
added 2023/08/14 7:15 p.m. · 7 views

CVE-2023-39908

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory...

CVSS 7.5 · AI score 7.4 · EPSS 0.00224
Exploits: 0 · References: 2
ATTACKERKB
added 2023/08/14 7:15 p.m. · 2 views

CVE-2023-39908

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory...

CVSS 7.5 · AI score 7.1 · EPSS 0.00224
Exploits: 0 · References: 3
OSV
added 2023/08/14 7:15 p.m. · 0 views

CVE-2023-39908

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2
Prion
added 2023/08/14 7:15 p.m. · 16 views

Code injection

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory...

CVSS 5 · AI score 7.3 · EPSS 0.00224
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2023/08/14 12:0 a.m. · 2 views

Yubico YubiHSM 2 SDK Buffer Error Vulnerability

Yubico YubiHSM is a solution from Yubico Inc. for protecting Certificate Authority root keys from being copied by attackers, malware and malicious insiders. A security vulnerability exists in Yubico YubiHSM 2 SDK 2023.01 and earlier versions, which stems from the PKCS11 module failing to correctl...

CVSS 7.5 · AI score 6.7 · EPSS 0.00224
Exploits: 0 · References: 3
Yubico
added 2023/01/04 12:0 a.m. · 25 views

Security Advisory YSA-2023-01 | Yubico

The PKCS11 module of the YubiHSM 2 SDK does not properly validate the length of specific read operations on object metadata which may lead to disclosure of uninitialized and previously used memory...

CVSS 7.5 · AI score 7.4 · EPSS 0.00224
Exploits: 0
NVD
added 2014/08/20 11:17 a.m. · 8 views

CVE-2014-2521

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command...

CVSS 6.3 · AI score 6.1 · EPSS 0.00422
Exploits: 0 · References: 5
Cvelist
added 2014/08/20 10:0 a.m. · 16 views

CVE-2014-2521

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command...

AI score 6.1 · EPSS 0.00422
Exploits: 0 · References: 5
CVE
added 2014/08/20 10:0 a.m. · 40 views

CVE-2014-2521

CVE-2014-2521 affects EMC Documentum Content Server versions 6.7 SP2 P16 and 7.x prior to 7.1 P07. The vulnerability stems from improper authorization checks on certain RPC commands, allowing remote authenticated users to read sensitive object metadata. Impact is read access to metadata of unauth...

CVSS 6.3 · AI score 6.2 · EPSS 0.00422
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2012/02/06 8:55 p.m. · 15 views

CVE-2012-0396

EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search...

CVSS 4 · AI score 6.2 · EPSS 0.00251
Exploits: 0 · References: 5
Cvelist
added 2012/02/06 8:0 p.m. · 22 views

CVE-2012-0396

EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search...

AI score 6.2 · EPSS 0.00251
Exploits: 0 · References: 5