NVIDIA TLK 访问控制错误漏洞

Nvidia NVIDIA TLK is a scheduler from Nvidia Corporation of America for use with Trusted Firmware-A TF-A. The NVIDIA TLK suffers from an Access Control Error vulnerability that stems from the fact that the ARM® TrustZone technology, on which Trusty is based, contains a vulnerability in the access...

Linux kernel 缓冲区错误漏洞

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. An out-of-bounds memory write vulnerability exists in listdevices in drivers/md/dm-ioctl.c in the Multi-Device Driver...

UBUNTU-CVE-2021-31916

An out-of-bounds OOB memory write flaw was found in listdevices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user CAPSYSADMIN privilege to gain access to out-of-bounds memory leading to a system...

CVE-2021-25369

An improper access control vulnerability in seclog file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace...

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a security vulnerability that stems from a memory access flaw. The vulnerability can be exploited by an attacker to gain access to out-of-bounds...

kernel: uninitialized kernel data leak in userspace coredumps

A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data...

kernel: uninitialized kernel data leak in userspace coredumps

A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data...

kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c

A NULL pointer dereference flaw was found in the Xirlink camera USB driver 'xirlink-cit' in the Linux kernel. The driver mishandles invalid descriptors leading to a denial-of-service DoS. This could allow a local attacker with user privilege to crash the system or leak kernel internal information...

kernel: kernel stack information leak on s390/s390x

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmmtimeout file. This flaw allows a local user to see the kernel data...

kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c

A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures...

kernel: uninitialized kernel data leak in userspace coredumps

A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data...

kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c

A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures...

kernel: uninitialized kernel data leak in userspace coredumps

A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data...

PT-2020-3929 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the win32k component of the Windows operating system, which improperly handles kernel information, leading to an information disclosure. This could allow an attacker...

CVE-2020-1510

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log ...

openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)

The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This...

Introducing Kernel Data Protection, a new platform security technology for preventing data corruption

Attackers, confronted by security technologies that prevent memory corruption, like Code Integrity CI and Control Flow Guard CFG, are expectedly shifting their techniques towards data corruption. Attackers use data corruption techniques to target system security policy, escalate privileges, tampe...

Important kernel security update: Virtuozzo ReadyKernel patch 110.0 for Virtuozzo Hybrid Server 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0 and Virtuozzo Hybrid Infrastructure 3.5

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.0 and Virtuozzo Infrastructure Platform. Vulnerability id: CVE-2020-10711 3.10.0-862.20.2.vz7.73.24 to 3.10.0-1062.12.1.vz7.131.10...

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1)

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:1599-1)

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called...