Unbreakable Enterprise kernel security update

5.4.17-2136.356.4.1 - smb: client: reject userspace cifs.spnego descriptions Asim Viladi Oglu Manizada Orabug: 39463669 5.4.17-2136.356.4 - tun: free page on buildskb failure in tunxdpone Weiming Shi Orabug: 39429147 - tap: free page on error paths in tapgetuserxdp Weiming Shi Orabug: 39429147 -...

ARM CPU 安全漏洞

ARM CPUs are a family of central processing units from the British company ARM. The ARM CPUs suffer from a security vulnerability that stems from the possibility that the CPP RCTX instruction may inhibit TLB invalidation, causing the PE to retain stale TLB entries that should be invalidated by TL...

CVE-2025-38487

In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: echo 1e789080.lpc-snoop /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... 120.363594 Unable to handle kernel NULL pointer...

CVE-2022-50062

In the Linux kernel, the following vulnerability has been resolved: net: bgmac: Fix a BUG triggered by wrong bytescompl On one of our machines we got: kernel BUG at lib/dynamicqueuelimits.c:27! Internal error: Oops - BUG: 0 1 PREEMPT SMP ARM CPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O...

CVE-2022-50062

In the Linux kernel, the following vulnerability has been resolved: net: bgmac: Fix a BUG triggered by wrong bytescompl On one of our machines we got: kernel BUG at lib/dynamicqueuelimits.c:27! Internal error: Oops - BUG: 0 1 PREEMPT SMP ARM CPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O...

UBUNTU-CVE-2022-50062

In the Linux kernel, the following vulnerability has been resolved: net: bgmac: Fix a BUG triggered by wrong bytescompl On one of our machines we got: kernel BUG at lib/dynamicqueuelimits.c:27! Internal error: Oops - BUG: 0 1 PREEMPT SMP ARM CPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O...

CVE-2024-47716

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal...

CVE-2023-52911

CVE-2023-52911 is a Linux kernel issue in the DRM/MSM driver related to a NULL pointer dereference when the Adreno GPU runs in headless mode (e.g., on i.MX platforms). The crash occurs during reboot in the msm_atomic_commit_tail path, with an oops/NULL dereference involving slab kmalloc and relat...

CVE-2023-52911 drm/msm: another fix for the headless Adreno GPU

In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode e.g. iMX platforms. Unable to handle kernel NULL pointer dereference at...

CVE-2023-52911 drm/msm: another fix for the headless Adreno GPU

In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode e.g. iMX platforms. Unable to handle kernel NULL pointer dereference at...

CVE-2023-52911

In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode e.g. iMX platforms. Unable to handle kernel NULL pointer dereference at...

CVE-2021-28797

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3...

Exploiting Spectre Over the Internet

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, were sharing proof-of-concept PoC code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome...

Stack overflow

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3...

Missing memory barriers in read-write unlock paths

ISSUE DESCRIPTION The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section. ...

AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit

Exploit for hardware platform in category dos / poc / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory...

Security Bulletin: NVIDIA SHIELD TV Security Updates for CPU Speculative Side Channel Vulnerabilities

NVIDIA SHIELD TV Response to CPU Speculative Side Channel Vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of novel information disclosure attacks...

Fedora 24 : chromium (2016-e9798eaaa3)

On 2016-08-04 Google released Chrome 52.0.2743.116 which fixes at least 8 security issues: CVE-2016-5141, CVE-2016-5142, CVE-2016-5139, CVE-2016-5140, CVE-2016-5145, CVE-2016-5143 and CVE-2016-5144. Additionally, this update : - Splits libmedia and libffmpeg into the libs-media subpackage, so tha...

Hacking exposed MicroSD card vulnerability: execute arbitrary code-a vulnerability warning-the black bar safety net

In the last week held the chaos computer conference, well-known hardware hacker Huang Xin countryAndrew bunnie Huangreported the MicroSD card to the security risks. He and his colleagues found that some SD cards contain a be allowed on the card to execute arbitrary code the vulnerability, and in...