MediaTek 芯片资源管理错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek. A security vulnerability exists in the ged module of the MediaTek chips, which stems from improper locking and use after free. This could result in a local privilege escalation that requires system execution...

PT-2022-17862 · Ged · Ged

Name of the Vulnerable Software and Affected Versions: ged affected versions not specified Description: The issue is related to a possible use after free due to improper locking, which could lead to local escalation of privilege. System execution privileges are needed for exploitation, and user...

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs pthreadcreate returns a nonzero value while executing the method createworkerthreads, the held lock is not released correctly, which allows local users to trigger a denial of...

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2022:2177-1 Rating: important References: 1055117 1061840 1065729 1103269 1118212 1153274 1154353 1156395 1158266 1167773 1176447 1177282 1178134 1180100 1183405 1188885 1195826 1196426 1196478 1196570...

CVE-2022-0480

A flaw was found in the filelockinit in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface POSIX file locks...

Ubuntu: Security Advisory (USN-395-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-2959

A race condition was found in the Linux kernel's watch queue due to a missing lock in piperesizering. The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the...

Unsafe typecasting can lead to tokens being locked in the contract

Lines of code Vulnerability details Impact In the createLock function the amount is calculated by casting the uint256 value to int128 in an unsafe way. Specifically the locked.amount is calculated as: locked.amount += int128int256value; could result in a negative value for locked.amount. For...

CVE-2022-20376

In trustylogseqstart of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Design/Logic Flaw

In trustylogseqstart of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2022-20376

In trustylogseqstart of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

SUSE-SU-2022:2781-1 Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024115 fixes several issues. The following security issues were fixed: - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages bsc1199487. -...

SUSE-SU-2022:2779-1 Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024112 fixes several issues. The following security issues were fixed: - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages bsc1199487. -...

SUSE SLES12: kernel-livepatch-4_12_14-150000_150_92-default / etc (SUSE-SU-2022:2762-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2762-1 advisory. This update for the Linux Kernel 4.12.14-122121 fixes several issues. The following security issues were fixed: - CVE-2022-1679: Fixed...

PT-2022-14601 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel versions affected versions not specified Description: The issue is related to a possible use after free due to improper locking in the trusty log seq start function of trusty-log.c. This could lead to local escalation of...

SUSE-SU-2022:2776-1 Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-2486 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcbausb.c vulnerability in the Linux kernel. bnc1198033 - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An...

SUSE-SU-2022:2750-1 Security update for the Linux Kernel (Live Patch 29 for SLE 15)

This update for the Linux Kernel 4.12.14-15000015089 fixes several issues. The following security issues were fixed: - CVE-2022-1419: Fixed a concurrency use-after-free in vgemgemdumbcreate bsc1198742. - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces...

SUSE-SU-2022:2762-1 Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-150100197114 fixes several issues. The following security issues were fixed: - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages bsc1199487. -...

SUSE-SU-2022:2732-1 Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-1503005963 fixes several issues. The following security issues were fixed: - CVE-2022-34918: Fixed a buffer overflow with nftseteleminit that could be used by a local attacker to escalate privileges bnc1201171. - CVE-2022-1679: Fixed a use-after-free in the...

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs i.e., going to the err label while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...