Huawei HarmonyOS stack buffer overflow vulnerability (CNVD-2021-99968)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A stack buffer overflow vulnerability exists in the Kernel module of Huawei HarmonyOS. An attacker can exploit this vulnerability to cause the device to beco...

Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVEs. Vulnerability Details CVEID: CVE-2021-3772 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper validation of integrity check value by the Linux SCTP stack...

CVE-2021-43975

An out-of-bounds write flaw was found in the Linux kernel’s Aquantia AQtion Ethernet card Atlantic driver in the way the ethernet card provides malicious input to the driver. This flaw allows a local user to emulate the networking device and crash the system. The highest threat from this...

CVE-2021-43389

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...

CVE-2021-42739

A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CASENDMSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to...

Exploit for Use After Free in Microsoft

CVE-2021-40449 My exploit for CVE-2021-40449, a Windows LPE vi...

CVE-2021-3896

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...

The vulnerability in the `drivers/gpu/drm/nouveau/nouveau_sgdma.c` kernel module of the Linux operating system arises from the use of memory after it is freed. This allows an attacker to execute arbitrary code with root privileges.

The vulnerability in the drivers/gpu/drm/nouveau/nouveausgdma.c kernel module of the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code with root privileges...

CVE-2021-3715

A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...

Huawei HarmonyOS 输入验证错误漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An information disclosure vulnerability exists in Huawei HarmonyOS version 2.0. The vulnerability stems from the failure to properly validate the Array Index...

Huawei Smartphone 缓冲区错误漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. A stack buffer overflow vulnerability exists in the Kernel module of Huawei HarmonyOS, which provides a microkernel-based, full-scenario distributed operating system. An attack...

Huawei Smartphone 缓冲区错误漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A stack buffer overflow vulnerability exists in the Kernel module of Huawei HarmonyOS. An attacker can exploit this vulnerability to cause the device to beco...

Huawei HarmonyOS 输入验证错误漏洞

Huawei HarmonyOS is an operating system from Huawei China. An integer overflow vulnerability exists in Huawei HarmonyOS version 2.0, which provides a microkernel-based, full-scenario distributed operating system. The vulnerability stems from incorrect input validation in the kernel module of...

Huawei HarmonyOS 缓冲区错误漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A stack buffer overflow vulnerability exists in the Kernel module of Huawei HarmonyOS. An attacker can exploit the vulnerability to cause an out-of-bounds re...

ASB-A-184018316

In getsockstat of xtqtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

The vulnerability in the kernel/module.c component of the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the kernel/module.c component in the Linux operating system is related to improper verification of the cryptographic signature. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

SUSE: Security Advisory (SUSE-SU-2013:1151-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-30178

An issue was discovered in the Linux kernel through 5.11.11. synicget in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987...

kernel: iscsi: unrestricted access to sessions and handles

A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system...

CVE-2021-30002

A flaw memory leak in the Linux kernel webcam device functionality was found in the way user calls ioctl that triggers videousercopy function. The highest threat from this vulnerability is to system availability. Mitigation To mitigate this issue, prevent the module v4l2-common from being loaded...