6619 matches found
CVE-2020-10007
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout...
CVE-2020-9974
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout...
CVE-2020-27950
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS...
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment aka CID-fd4d9c7d0c71.
...
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory aka CID-6735b4632def.
...
The vulnerability of the kmem_cache_alloc_bulk function (mm/slub.c) in Linux operating systems allows a hacker to cause a service failure.
The vulnerability of the kmem_cache_alloc_bulk function in the mm/slub.c file of Linux operating system kernels is related to errors during multi-threaded tasks (race conditions). Exploiting this vulnerability can allow an attacker to cause service failures...
FreeBSD : FreeBSD -- ICMPv6 use-after-free in error message handling (8eed0c5c-3482-11eb-b87a-901b0ef719ab)
When an ICMPv6 error message is received, the FreeBSD ICMPv6 stack may extract information from the message to hand to upper-layer protocols. As a part of this operation, it may parse IPv6 header options from a packet embedded in the ICMPv6 message. The handler for a routing option caches a point...
Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones
Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos,...
USN-4657-1: Linux kernel vulnerabilities
Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-0427) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5962)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5962 advisory. - drm/vmwgfx: Make sure backup_handle is always valid (Sinclair Yeh) [Orabug: 31352076] {CVE-2017-9605} - random32: move the pseudo-random 32-bit...
An iOS zero-click radio proximity exploit odyssey
Posted by Ian Beer, Project Zero. NOTE: This specific issue was fixed before the launch of Privacy-Preserving Contact Tracing in iOS 13.5 in May 2020. In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot...
CVE-2019-20934
A flaw was found in the Linux kernel’s implementation of displaying NUMA statistics, where displaying the scheduler statistics could trigger a use-after-free in show_numa_stats() and display the kernel memory to userspace. The highest threat from this vulnerability is to system availability. Mitigati...
kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege
A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
USN-4591-1: Linux kernel vulnerabilities | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04. Description: Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service system...
CVE-2020-28915
A buffer over-read at the framebuffer layer in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def...
Buffer overflow
A buffer over-read at the framebuffer layer in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def...
CVE-2020-28915
CVE-2020-28915 is a Linux kernel vulnerability in the fbcon framebuffer code, where a buffer over-read before 5.8.15 could allow a local attacker to read kernel memory. The issue is caused by improper bounds handling in the framebuffer font-related path used by fbcon. Affected fix: upstream patch...