d3m-simon (=1.2.5), easyquake (>=1.3.0 <=1.4.0) potentially affected by CVE-2021-29524 via tensorflow-gpu (=2.2.0)

tensorflow-gpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - d3m-simon =1.2.5 - easyquake =1.3.0, =1.4.0 Source cves: CVE-2021-29524 Source advisory: OSV:PYSEC-2021-650...

brainhance (=0.0.1), crystal4d (>=0.0.4 <=0.1.2) +3 more potentially affected by CVE-2021-29586 via tensorflow-gpu (>=2.4.0 <=2.4.1)

tensorflow-gpu PYPI version =2.4.0, =0.0.4, =1.1.1, =1.0.0, =1.0.1 - tf-yarn-gpu =0.6.3 Source cves: CVE-2021-29586 Source advisory: OSV:PYSEC-2021-712...

deep-floorplan (=0.0.0), mpunet (=0.2.9) +1 more potentially affected by CVE-2021-29554 via tensorflow-gpu (>=2.3.0 <=2.3.2)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2021-29554 Source advisory: OSV:PYSEC-2021-680...

deep-floorplan (=0.0.0), mpunet (=0.2.9) +1 more potentially affected by CVE-2021-29512 via tensorflow-gpu (>=2.3.0 <=2.3.2)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2021-29512 Source advisory: OSV:PYSEC-2021-638...

brainhance (=0.0.1), crystal4d (>=0.0.4 <=0.1.2) +3 more potentially affected by CVE-2021-29512 via tensorflow-gpu (>=2.4.0 <=2.4.1)

tensorflow-gpu PYPI version =2.4.0, =0.0.4, =1.1.1, =1.0.0, =1.0.1 - tf-yarn-gpu =0.6.3 Source cves: CVE-2021-29512 Source advisory: OSV:PYSEC-2021-638...

brainhance (=0.0.1), crystal4d (>=0.0.4 <=0.1.2) +3 more potentially affected by CVE-2021-29554 via tensorflow-gpu (>=2.4.0 <=2.4.1)

tensorflow-gpu PYPI version =2.4.0, =0.0.4, =1.1.1, =1.0.0, =1.0.1 - tf-yarn-gpu =0.6.3 Source cves: CVE-2021-29554 Source advisory: OSV:PYSEC-2021-680...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +160 more potentially affected by CVE-2021-29554 via tensorflow-gpu (>=1.10.1 <=2.1.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-29554 Source advisory: OSV:PYSEC-2021-680...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4945-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4945-1 advisory. It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attack...

Ubuntu: Security Advisory (USN-4949-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4949-1: Linux kernel vulnerabilities

Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-3489...

CVE-2021-3546

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device vhost-user-gpu of QEMU. The flaw occurs while processing the 'VIRTIOGPUCMDGETCAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of...

CVE-2021-3544

Several memory leaks were found in the virtio vhost-user GPU device vhost-user-gpu of QEMU. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory i.e., free after effective lifetime...

CVE-2021-3545

An information disclosure vulnerability was found in the virtio vhost-user GPU device vhost-user-gpu of QEMU. The flaw exists in virglcmdgetcapsetinfo in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memo...

USN-4945-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities

It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service system crash. CVE-2020-25639 Jan Beulich discovered that the Xen netback backend in the Linux kernel did not...

CVE-2021-28663

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0...

CVE-2021-28664

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service memory corruption because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 throu...

CVE-2021-28664

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service memory corruption because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 throu...

Memory corruption

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service memory corruption because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 throu...

Privilege escalation

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0...

CVE-2021-28663

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0...