A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes possibly making the system inoperable.

...

Ubuntu: Security Advisory (USN-4527-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

Apple iOS Memory Initialization Vulnerability

Apple iOS is an operating system for mobile devices developed by Apple Inc. in the United States. A security vulnerability exists in Apple iOS that stems from an out-of-bounds write issue resolved through improved boundary checking. An attacker could exploit the vulnerability to potentially cause...

Apple iOS Out-of-Bounds Read Vulnerability

Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in Apple iOS that stems from an out-of-bounds write issue resolved through improved boundary checking. An attacker could exploit the vulnerability to potentially cause an unexpected system...

Apple iOS Lock Screen Vulnerability

Apple iOS is an operating system for mobile devices developed by Apple Inc. in the United States. A security vulnerability exists in Apple iOS that stems from an out-of-bounds write issue resolved through improved boundary checking. An attacker could exploit the vulnerability to cause an unexpect...

PT-2020-20901 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 14.0 iPadOS versions prior to 14.0 Description: A memory initialization issue was addressed with improved memory handling, allowing a local user to potentially read kernel memory. Recommendations: For iOS versions prior ...

CVE-2020-0429

In l2tpsessiondelete and related functions of l2tpcore.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

CVE-2020-0430

In skbheadlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...

Linux kernel memory leak vulnerability (CNVD-2020-52395)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory leak vulnerability exists in the Linux Kernel's Ethernet driver. The vulnerability stems from a problem with...

About the security content of iOS 14.0 and iPadOS 14.0

About the security content of iOS 14.0 and iPadOS 14.0 This document describes the security content of iOS 14.0 and iPadOS 14.0. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

CVE-2020-10781

A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hotadd file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user...

UBUNTU-CVE-2020-14304

A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality...

CVE-2020-15137

All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on the host, or can cause the kernel to crash. Kernel memory disclosure is especially likely on 32-b...

Integer overflow

All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on the host, or can cause the kernel to crash. Kernel memory disclosure is especially likely on 32-b...

CVE-2020-15137 Integer overflow in HoRNDIS

All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on the host, or can cause the kernel to crash. Kernel memory disclosure is especially likely on 32-b...

CVE-2020-15137

CVE-2020-15137 affects HoRNDIS — an integer overflow in HoRNDIS::receivePacket of the RNDIS packet parser. The vulnerability allows a malicious USB device to disclose kernel memory to userspace on the host (more likely on 32-bit kernels) or cause a kernel crash (more likely on 64-bit kernels) via...

The vulnerability of the Linux operating system’s kernel, related to the use of memory after it is freed, allows a hacker to cause a service failure.

The vulnerability in the drivers/net/slip/slip.c and drivers/net/can/slcan.c files of the Linux operating system relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...

Multiple Apple products Wi-Fi component out-of-bounds read vulnerability

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple tvOS is an operating system for smart TVs.Apple iPadOS is an operating system for iPad tablets.Wi-Fi is one of the components of wireless Internet access. A security vulnerability...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4439-1 advisory. It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An...