236 matches found
PT-2025-2509 · Qualcomm · Snapdragon +6
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption that occurs when invoking IOCTL calls from user-space to kernel-space, specifically for handling session errors. Th...
CVE-2024-56695 drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()'
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()' The kfd_get_cu_occupancy() function previously declared a large cu_occupancy array as a local variable, which could lead to stack overflows due to excessi...
PT-2024-37005 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue concerns the kfd_get_cu_occupancy() function, which previously declared a large cu_occupancy array as a local variable. This could lead to stack overflows due to excessive stac...
CVE-2024-33040
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access...
CVE-2024-33040 Use After Free in Camera Driver
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access...
CVE-2024-33040
CVE-2024-33040 corresponds to a memory corruption issue reported in Qualcomm camera driver code, caused by a race condition between releasing a user-space buffer and subsequent kernel-space access due to a redundant release command. Affected component is a camera driver (Qualcomm chipset context)...
CVE-2024-50102
In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user...
CVE-2024-50102
CVE-2024-50102: The connected advisories indicate a Linux kernel x86 issue where using the high address bit to classify user vs. kernel space enabled a speculative-execution leak for non-canonical addresses. The root cause involves non-canonical address handling and an evolving AC/bit behavior a...
CVE-2024-23376
CVE-2024-23376 involves memory corruption while sending the persist buffer IOCTL from user-space to kernel space in Qualcomm-related components (notably Qualcomm Snapdragon Auto). The issue is described as a memory corruption (also characterized as a use-after-free in some feeds) affecting the pe...
The vulnerability of the Tap-Windows6 software driver allows a hacker to execute arbitrary code.
The vulnerability of the Tap-Windows6 software’s OpenVPN driver in Windows operating systems is related to a numerical overflow issue. Exploiting this vulnerability allows an attacker to execute arbitrary code in the kernel space...
PT-2024-25417 · Aptiov · Aptiov
Name of the Vulnerable Software and Affected Versions: AptioV, affected versions not specified. Description: This issue affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to...
PT-2024-11524
Name of the Vulnerable Software and Affected Versions: ASP Secure OS, affected versions not specified. Description: The issue is related to insufficient checking of memory buffer in ASP Secure OS, which may allow an attacker with a malicious Trusted Application (TA) to read or write to the ASP Secure O...
How to Enable Special Pool Tagging for a Driver
If the stack of a process is overrun by another process, analysis of the dump is not possible because the crash occurs when the original process writes to the kernel space which is already occupied by the other, misbehaving component. Enabling Special Pool Tagging causes the driver to crash as so...
CVE-2024-1305
tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space...
CVE-2024-1305
CVE-2024-1305 affects the tap-windows6 driver (versions 9.26 and earlier). The issue is that the driver does not properly validate size data in incoming write operations, allowing an attacker to overflow memory buffers and potentially achieve arbitrary code execution in kernel space. This aligns ...
CVE-2024-35801
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Commit 672365477ae8 "x86/fpu: Update XFD state where required" and commit 8bf26758ca96 "x86/fpu: Add XFD state to fpstate" introduced a per CPU variable xfd_state to keep the MSR_IA32_X...
CVE-2024-35801 x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Commit 672365477ae8 "x86/fpu: Update XFD state where required" and commit 8bf26758ca96 "x86/fpu: Add XFD state to fpstate" introduced a per CPU variable xfd_state to keep the MSR_IA32_X...