CVE-2021-34387

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is...

Design/Logic Flaw

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is...

CVE-2021-34387

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is...

Intel Core Processors 输入验证错误漏洞

Intel Core Processors is an Intel Core family of central processing units CPUs from Intel Corporation. A security vulnerability exists in Intel Core Processors, which stems from a Pointer Validation Insufficiency vulnerability in AMD Graphics Driver for Windows 10, which could lead to the executi...

DEBIAN-CVE-2021-20292

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveausgdma.c in nouveausgdmacreatettm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with ...

DEBIAN-CVE-2021-31440

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

The vulnerability of Linux operating system’s kernel-based PI futex components, which allows a hacker to execute arbitrary code at the kernel level

The vulnerability of Linux operating system’s kernel PI futexes relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code at the kernel level...

UBUNTU-CVE-2019-25044

The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blkmqfreerqs and blkcleanupqueue...

PT-2021-4226 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux Kernel version 5.11.15 Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit th...

Corel Parallels Desktop 输入验证错误漏洞

Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in the Parallels Tools component of Parallels Desktop version 16.1.2-49151. The vulnerability stems from a lack of proper validation of user-supplied data. An attacker can exploit the...

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

...

AZL-6544 CVE-2021-29154 affecting package kernel for versions less than 5.10.78.1-1

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpfjitcomp.c and arch/x86/net/bpfjitcomp32.c...

PT-2021-2653 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.12 Description: The issue is related to incorrect computation of branch displacements in BPF JIT compilers, allowing them to execute arbitrary code within the kernel context. This affects files...

Call of Duty Cheats Expose Gamers to Malware

Activision, the company behind Call of Duty: Warzone, has issued a warning that a threat actor is taking out ads for cheat tools, which instead turn out to be remote-access trojan RAT malware . The scam was first floated in March when a cyberattacker posted in hacking forums that they had a free,...

CVE-2020-27907

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4878-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4878-1 advisory. It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad- hoc SSIDs. A local attacker could...

CVE-2021-20292

There is a flaw reported in drivers/gpu/drm/nouveau/nouveausgdma.c in nouveausgdmacreatettm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can...

EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1386)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13...

grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled

A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table SSDT containing code to overwrite the Linux kernel lockdown variable content direct...

Vulnerabilities fixed in Apple macOS

Vulnerabilities have been fixed in Apple macOS. The vulnerabilities allow a local malicious person to obtain elevated privileges to obtain or execute arbitrary code with kernel privileges. The vulnerability with attribute CVE-2021-3156 is known as the sudo vulnerability named "Baron Samedit." Mor...