Lucene search

1096 matches found

Vulnrichment
added 2024/02/26 2:39 p.m., 32 views

CVE-2024-26606 binder: signal epoll threads of self-work

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work. In epoll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer...

7.3 AI score, 0.00242 EPSS
Exploits: 0, References: 8
CVE
added 2024/02/26 2:39 p.m., 1108 views

CVE-2024-26606

CVE-2024-26606 affects the Linux kernel binder subsystem. In (e)poll mode, a binder thread that issues a BINDER_WRITE_READ without a read buffer may later rely on epoll_wait to process responses, but if the epoll/wakeup signaling is not triggered for the thread’s own enqueued work, the thread can...

5.5 CVSS, 6.4 AI score, 0.00242 EPSS
Exploits: 0, References: 11, Affected Software: 1
Cvelist
added 2024/02/26 2:39 p.m., 23 views

CVE-2024-26606 binder: signal epoll threads of self-work

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work. In epoll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer...

6.6 AI score, 0.00242 EPSS
Exploits: 0, References: 8
Exploit DB
added 2024/02/09 12:0 a.m., 331 views

Wordpress Augmented-Reality - Remote Code Execution Unauthenticated

Exploit Title: Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Date: 2023-09-20 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import requests as req import json import sys import random import uuid import urllib.parse import urllib3 from...

7.4 AI score
Exploits: 0
Spring Security Advisories
added 2024/01/02 12:0 a.m., 16 views

This Week in Spring - January 2nd, 2024

Hi, Spring fans! Happy New Year! As we step into 2024, full of hope and enthusiasm, welcome to the first installment of This Week in Spring. It's a time for new beginnings and resolutions, and what better way to start than by exploring the ever-evolving world of Spring? I hope your new year...

7 AI score
Exploits: 0
Github Security Blog
added 2023/12/28 9:16 p.m., 18 views

msgpackr's conversion of property names to strings can trigger infinite recursion

Impact When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. Patches The fix is available in v1.10.1 Workarounds Exploits seem to require structured cloning, replacing the 0x70 extension with your own that...

6.8 CVSS, 6.6 AI score, 0.00685 EPSS
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2023/12/28 4:16 p.m., 16 views

Information disclosure

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...

4 CVSS, 6.9 AI score, 0.00685 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2023/12/28 3:20 p.m., 28 views

CVE-2023-52079 Conversion of property names to strings can trigger infinite recursion

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...

6.8 CVSS, 6.1 AI score, 0.00685 EPSS
Exploits: 0, References: 4
Spring Security Advisories
added 2023/12/26 12:0 a.m., 18 views

This Year in Spring - 2023

Welcome to another installment of This Week in Spring! It's December 26th, 2023, and we're staring down the new year! And you know what that means, right? It's time for our annual roundup, looking at all the latest and greatest in the wild and wonderful world of Springdom. This is This Year in...

7.1 AI score
Exploits: 0
SUSE CVE
added 2023/12/23 2:42 a.m., 3 views

SUSE CVE-2023-6546

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting th...

7.8 CVSS, 6.8 AI score, 0.00767 EPSS
Exploits: 0, References: 118
CNNVD
added 2023/12/21 12:0 a.m., 2 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a GSM multiplexing contention condition leading to privilege escalation, which occurs when two threads execu...

7 CVSS, 8.1 AI score, 0.00767 EPSS
Exploits: 0, References: 8
Spring Security Advisories
added 2023/12/12 12:0 a.m., 9 views

This Week in Spring - December 12th, 2023

Hi, Spring fans! Welcome to a new installment of This Week in Spring! We've got a ton of stuff to get into, so let's dive right in! Laur Spilca and I look at how to upgrade a Spring Security 5.x application to Spring Security 6.x. Apache SkyWalking with Sheng Wu and Apache ShardingSphere with...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/12/11 5:58 a.m., 25 views

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are "capable of working across all...

8.5 AI score
Exploits: 0
Spring Security Advisories
added 2023/12/05 12:0 a.m., 9 views

This Week in Spring - December 5th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Today, Spring Cloud, based on Spring Boot 3.2, goes GA! Don't miss this! I love this blog by Spring Framework legend Sébastien Deleuze on CDS with Spring Framework 6.1 I really enjoyed this discussion with Spring Security...

7.1 AI score
Exploits: 0
RedHat Linux
added 2023/11/14 3:46 p.m., 0 views

kernel: media: usb: siano: Fix use after free bugs caused by do_submit_urb

A use-after-free vulnerability was found in the Linux kernel's Siano USB driver for digital TV receivers. In do_submit_urb, memory allocated during smsusb_probe can be freed by smsusb_term_device while URB work items are still referencing it. This leads to a use-after-free condition when worker thread...

5.7 AI score, 0.00177 EPSS
Exploits: 0, References: 5
Spring Security Advisories
added 2023/11/14 12:0 a.m., 8 views

This Week in Spring - November 14th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads initial CRaC support more...

7.1 AI score
Exploits: 0
Spring Security Advisories
added 2023/10/31 12:0 a.m., 18 views

What new is coming in reactor-core 3.6.0?

Reactor 3.6.0 is coming and going to be GA on November 14. This blogpost describes new features that are included in this upcoming release! Virtual Threads support Today, everyone talks about Java 21 and Project Loom. The Project Reactor team hears that and sees value in that project within our...

6.9 AI score
Exploits: 0
Spring Security Advisories
added 2023/10/16 12:0 a.m., 18 views

Runtime efficiency with Spring (today and tomorrow)

With Spring Framework 6.1 and Spring Boot 3.2 general availability approaching, we would like to share an overview about several efforts the Spring team is pursuing to allow developers to optimize the runtime efficiency of their applications. We are going to cover the following technologies and u...

6.6 AI score
Exploits: 0
Tenable Nessus
added 2023/10/06 12:0 a.m., 37 views

SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests...

7.8 CVSS, 6.4 AI score, 0.01033 EPSS
Exploits: 0, References: 3
Opera Security Advisories
added 2023/09/27 12:0 a.m., 10 views

Where to find Opera’s Privacy and Security team online

Security Where to find Opera’s Privacy and Security team online Share September 27th, 2023 Hello everyone! Through this blog, we strive to offer timely updates and important information about Opera and our products. This helps us maintain an open line of communication with our users, particularly...

8.8 CVSS, 6.8 AI score, 0.05036 EPSS
Exploits: 4, References: 1