110 matches found
SUSE CVE-2022-48957
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2switchaclentryadd and dpaa2switchaclentryremove The cmdbuff needs to be freed when error happened in dpaa2switchaclentryadd and dpaa2switchaclentryremove...
DEBIAN-CVE-2022-48957
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2switchaclentryadd and dpaa2switchaclentryremove The cmdbuff needs to be freed when error happened in dpaa2switchaclentryadd and dpaa2switchaclentryremove...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly release the cmdbuff in the dpaa2-switch driver when an error occurs in the...
DEBIAN-CVE-2022-48844
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fix leaking sentcmd skb sentcmd memory is not freed before freeing hcidev causing it to leak it contents...
ROS-20240627-04
A vulnerability in the ioctl component of the Flatpak application and environment management tool is related to copying text from the virtual console and pasting it into the command buffer, from which the command can be run after exiting the Flatpak application. Exploitation of the vulnerability...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds error in the ngenecommandconfigfreebuf function...
file security update
An update is available for file. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The file command is used to identify a particular file according to the type of...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Amd Epyc_7203_Firmware
SEV Firmware Vulnerability This repo contains an exploit for...
Oracle Linux 9 : flatpak (ELSA-2023-6518)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6518 advisory. 1.12.8-1 - Update to 1.12.8 CVE-2023-28100, CVE-2023-28101 Resolves: 2180312, 2221792 Tenable has extracted the preceding description block directly fr...
flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux virtual console such as /dev/tty...
flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux virtual console such as /dev/tty...
kernel: ice: Fix potential memory leak in ice_gnss_tty_write()
In the Linux kernel, the following vulnerability has been resolved: ice: Fix potential memory leak in icegnssttywrite The icegnssttywrite return directly if the writebuf alloc failed, leaking the cmdbuf. Fix by free cmdbuf if writebuf alloc failed...
CVE-2022-24350
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function ...
UBUNTU-CVE-2023-28100
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux...
CVE-2023-28100
CVE-2023-28100 affects Flatpak on Linux prior to versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. The root cause involves using the TIOCLINUX ioctl on Linux virtual consoles (e.g., /dev/tty1) which can allow a Flatpak app running in a console to copy text from the console into the command buffer and ...
SUSE CVE-2013-6381
Buffer overflow in the qethsnmpcommand function in drivers/s390/net/qethcoremain.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer...
Race condition
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...
CVE-2022-32954
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...
CVE-2022-32474
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...
CVE-2022-32471
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM co...