Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6898-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6898-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointe...

CVE-2024-21465 Buffer Over-read in Trusted Execution Environment

Memory corruption while processing key blob passed by the user...

CVE-2024-21465 Buffer Over-read in Trusted Execution Environment

Memory corruption while processing key blob passed by the user...

The vulnerability of the tls_new_ciphertext() function in the src/net/tls.c file of the iPXE network loading standard’s Preboot Execution Environment implementation, which allows a hacker to disclose confidential information

The vulnerability of the tlsnewciphertext function in the src/net/tls.c file of the iPXE network loading standard implementation allows for unauthorized access. Exploiting this vulnerability could enable a malicious actor to disclose confidential information by manipulating the padlen argument...

Google Pixel Security Breach

Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from the presence of uninitialized data in the handlemsgshmmapreq module of trusty/user/base/lib/spi/srv/tipc/tipc.c, which could allow for stack data disclosure...

CVE-2023-43542 Buffer Copy Without Checking Size of Input in Trusted Execution Environment

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked...

CVE-2023-43542 Buffer Copy Without Checking Size of Input in Trusted Execution Environment

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked...

WebAssembly Micro Runtime 安全漏洞

WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...

PT-2024-18728 · Samsung · Samsung Mobile Devices

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices affected versions not specified Description: A vulnerability allows local attackers to reconfigure OTP, enabling them to transit into RMA mode, which disables security features. This attack requires additional privilege...

kernel: tee: amdtee: fix race condition in amdtee_open_session

A use-after-free vulnerability was found in the AMD TEE driver in the Linux kernel. The flaw occurs from a race condition in the amdteeopensession function, where the session is marked as active in sess-sessmask before the corresponding sess structure is fully initialized. If a parallel thread...

Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases

Summary Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands. Details Since 26848, registryAliases has become mergeable. This means that the helmv3 manager started honoring its value and uses a helm repo...

GHSA-RQGV-292V-5QGR Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases

Summary Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands. Details Since 26848, registryAliases has become mergeable. This means that the helmv3 manager started honoring its value and uses a helm repo...

CVE-2023-33115 Buffer Over-read in Trusted Execution Environment

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated...

CVE-2023-33115 Buffer Over-read in Trusted Execution Environment

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated...

CVE-2024-25986

In ppmpunprotectbuf of drmfw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation...

BIT-PILLOW-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

CVE-2024-20020

In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504...

MediaTek Chip Security Breach

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in the MediaTek chips that stems from an incorrect boundary check in the OPTEE module, which may result in out-of-bounds writes...

MediaTek Chip Security Breach

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek. A security vulnerability exists in the MediaTek chips, which stems from a lack of privilege checking in the aee module, which could lead to a privilege bypass issue...

CVE-2023-33046

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation...