Astra Linux - vulnerability in linux-5.10
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the...
Google ChromeOS Use-After-Free Vulnerability
Google ChromeOS is an operating system based on the Linux kernel. Google ChromeOS suffers from a use-after-free vulnerability that stems from a race condition in the virtio_transport_space_update function, which can be exploited by an attacker to cau...
CVE-2025-1290
A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a...
Google ChromeOS Kernel Security Vulnerability
Google ChromeOS is an operating system based on the Linux kernel. Google ChromeOS suffers from a use-after-free vulnerability that stems from a race condition in the virtio_transport_space_update function, which can be exploited by an attacker to cau...
PT-2025-16016
Name of the Vulnerable Software and Affected Versions: Arm Ltd Valhall GPU Kernel Driver versions r29p0 through r53p0; Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver versions r41p0 through r53p0; TP-Link Smart Hub versions prior to an unspecified fixed version. Description: A Use After Free issue ...
CVE-2023-52978 riscv: kprobe: Fixup kernel panic when probing an illegal position
In the Linux kernel, the following vulnerability has been resolved: riscv: kprobe: Fixup kernel panic when probing an illegal position. The kernel would panic when probed for an illegal position, e.g. with CONFIG_RISCV_ISA_C=n: echo 'p:hello kernel_clone+0x16 a0=%a0' >> kprobe_events; echo 1...
Linux Distros Unpatched Vulnerability : CVE-2024-43904
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing This commit adds null checks for the 'stream' and 'plane' variables in the...
CVE-2025-0287
Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation...
PT-2025-9249
Name of the Vulnerable Software and Affected Versions: Paragon Partition Manager version 7.9.1 Description: The issue is caused by a null pointer dereference vulnerability within biontdrv.sys, resulting from a lack of a valid MasterLrp structure in the input buffer. This allows an attacker to execu...
CVE-2022-49371
CVE-2022-49371: In the Linux kernel, driver core: fix deadlock in __device_attach. The deadlock occurs when async_probe is scheduled while holding device_lock(dev); async_helper may also acquire dev, causing A-A deadlock. The fix moves async_schedule_dev outside the device_lock path, leveraging t...
CVE-2022-49280
CVE-2022-49280 concerns the Linux kernel NFSD: nfssvc_decode_writeargs() underflow, mitigated by changing a length/args field to unsigned to prevent underflow. Public advisories (EulerOS, Unity Linux, Astra Linux, etc.) document this CVE within kernel updates, indicating the vulnerability affects...
CVE-2025-0373 Buffer overflow in some filesystems via NFS
On 64-bit systems, the implementation of VOP_VPTOFH in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. An NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with ...
mm: resolve faulty mmap_region() error path behaviour
...
PT-2025-5320 · Apple · Macos Sequoia +1
Name of the Vulnerable Software and Affected Versions: macOS Sequoia versions prior to 15.3 Description: A buffer overflow issue was addressed with improved memory handling. An application with root privileges may be able to execute arbitrary code with kernel privileges. Recommendations: For macO...
VulnCheck KEV: CVE-2023-3269
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers,...
Google Pixel Security Vulnerability
Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that originates in the updategpssv and outputgpssv sections of vendor/mediatek/proprietary/hardware/connectivity/gps/gpshal/src/gpshalwor A missing bounds check in updategpssv and...
PT-2024-35369 · Lorex · Lorex 2K Indoor Wi-Fi Security Camera
Name of the Vulnerable Software and Affected Versions: Lorex 2K Indoor Wi-Fi Security Camera versions prior to 2.800.0000000.8.R.20241111 Description: An attacker who can execute arbitrary Operating Systems commands can bypass code signing enforcements in the kernel and execute arbitrary native...
kernel: tick/nohz: unexport __init-annotated tick_nohz_full_setup()
In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport __init-annotated tick_nohz_full_setup(). EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to ...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious person could exploit the vulnerabilities to bypass a security measure, grant themselves elevated privileges, access sensitive data, execute arbitrary code, possibly with kernel privileges, or cause a Denial-of-Service. Successful abuse requires...