kernel: Copy_from_user on 64-bit versions may leak kernel information

A vulnerability was found in copyfromuser in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the "accessok" sanity check and pass a kernel pointer to copyfromuser, resulting in kernel data leaking...

USN-5390-1 linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-kvm, linux-lowlatency vulnerabilities

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 David Bouman discovered that the netfilter subsystem in t...

SUSE-SU-2022:0930-2 Security update for qemu

This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd bsc1195161. - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device bsc1192525. Non-security fixes: - Fixed a kernel data corruption via a long kernel bo...

Information disclosure

In ionioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

UBUNTU-CVE-2021-39800

In ionioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2021-39800

In ionioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2021-39800

CVE-2021-39800 affects the Android kernel ION component (ion_ioctl.c) where a use-after-free can leak kernel head data, enabling local information disclosure without extra privileges or user interaction. Exploitation details are not provided in the supplied documents. Impact is limited to local d...

SUSE-SU-2022:1151-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2021-20196: Fixed a denial of service in the floppy disk emulator bsc1181361. - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device bsc1192525. Non-security fixes: - Fixed a kernel data corruption via a long kernel...

kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c

A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures...

ASB-A-208277166

In ionioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

OPENSUSE-SU-2022:0930-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd bsc1195161. - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device bsc1192525. Non-security fixes: - Fixed a kernel data corruption via a long kernel bo...

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2022:0930-1 Rating: important References: 1178049 1192525 1193364 1193545 1194938 1195161 1196087 1196737 Cross-References: CVE-2021-3930 CVE-2022-0358 CVSS scores: CVE-2021-3930 NVD : 6.5...

PUB-A-197850306

In getsignalpage of signal.c, there is a possible leak of kernel data due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

OpenBSD 安全漏洞

OpenBSD is a cross-platform, BSD-based, UNIX-like operating system from the Canadian OpenBSD project group. OpenBSD suffers from a security vulnerability that stems from the implementation of multicast routing that does not properly initialize memory before accessing it . The vulnerability allows...

Linux kernel 安全特征问题漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which can be exploited by an attacker to bypass restrictions on access to Linux kernel data and open a UDP port via an ICMP error to read sensitive...

CVE-2021-22463

A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure...

Windows 11 is out. Is it any good for security?

Windows 11, the latest operating system OS from Microsoft, launches today, and organizations have begun asking themselves when and if they should upgrade from Windows 10 or older versions. The requirements and considerations of each organization will be different, and many things will inform the...

UBUNTU-CVE-2021-3743

An out-of-bounds OOB memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...

CVE-2021-21790

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

IOBit Advanced SystemCare 安全漏洞

Iobit IOBit Advanced SystemCare is a system management utility program from the British company IOBit Iobit. The program is mainly used for scanning, repairing and optimizing the system, among other things. A security vulnerability exists in IOBit Advanced SystemCare Ultimate, which stems from an...