UBUNTU-CVE-2021-28704

PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...

kernel: ALSA: ymfpci: Fix BUG_ON in probe function

An assertion failure was found in the Linux kernel's Yamaha YMF sound card driver during buffer validation. The probe function includes a BUGON assertion that compares DMA buffer sizes without accounting for alignment, causing the assertion to fail when the aligned buffer size doesn't exactly mat...

abomonation transmutes &T to and from &[u8] without sufficient constraints

This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...

RUSTSEC-2021-0121 Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

Buffer overflow

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure an...

CVE-2021-1974

CVE-2021-1974 is described in connected sources as a buffer issue (buffer over-read) due to misalignment between IPA SMMU and WLAN SMMU mapping lengths in Snapdragon platforms (Auto/Compute/Connectivity/IoT/Wearables/Networking). Qualcomm/Red Hat/NVD entries label it as high severity with network...

CVE-2021-1974

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure an...

The Cybersecurity Skills Gap Is Widening: New Study

The era of COVID-19 has taught us all a few things about supply and demand. From the early days of toilet paper shortages to more recent used-car pricing shocks, the stress tests brought on by a global pandemic have revealed the extremely delicate balance of scarcity and surplus. Another area...

GHSA-QG24-8XJ4-GJ2H Unaligned memory allocation in chunky

An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement...

Unaligned memory allocation in chunky

An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement...

GHSA-MMC9-PWM7-QJ5W Unaligned memory access in rand_core

Impact Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior. randcore::BlockRng::nextu64 and randcore::BlockRng::fillbytes are affected. Patches The flaw was corrected by Ralf Jung and Diggory Hardy for randcore = 0.4.2...

Unaligned memory access in rand_core

Impact Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior. randcore::BlockRng::nextu64 and randcore::BlockRng::fillbytes are affected. Patches The flaw was corrected by Ralf Jung and Diggory Hardy for randcore = 0.4.2...

GHSA-85J6-F8J6-Q26X Unaligned references in Obstack

Obstack generates unaligned references for types that require a large alignment...

Unaligned references in Obstack

Obstack generates unaligned references for types that require a large alignment...

GHSA-FQPX-CQ8X-9WP4 Unaligned references in sized-chunks

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement...

Unaligned references in sized-chunks

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement...

CVE-2020-36433

An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement...

CVE-2020-36433

An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement...

Design/Logic Flaw

An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement...