CVE-2021-0330

In adduserce and removeuserce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Exploit for Improper Locking in Apple Ipados

It is an exploit module targeting Apache HTTP Serv...

SUSE-SU-2021:0408-1 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3)

This update for the Linux Kernel 4.4.180-94116 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver bsc1180562. - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could...

SUSE-SU-2021:0377-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19734 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver bsc1180562. - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could...

SUSE-SU-2021:0367-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-22 fixes several issues. The following security issues were fixed: - CVE-2020-29373: Fixed an issue where kernel unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locatio...

SUSE-SU-2021:0362-1 Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-2424 fixes several issues. The following security issues were fixed: - CVE-2020-29373: Fixed an issue where kernel unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem...

QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of file...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9039)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9039 advisory. - target: fix XCOPY NAA identifier lookup David Disseldorp Orabug: 32248040 CVE-2020-28374 - tty: Fix -session locking Jann Horn Orabug: 32266681...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9035)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9035 advisory. - target: fix XCOPY NAA identifier lookup David Disseldorp Orabug: 32248040 CVE-2020-28374 - tty: Fix -session locking Jann Horn Orabug: 32266681...

DEBIAN-CVE-2021-26708

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AFVSOCK implementation are caused by wrong locking in net/vmwvsock/afvsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support...

UBUNTU-CVE-2021-26708

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AFVSOCK implementation are caused by wrong locking in net/vmwvsock/afvsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support...

OracleVM 3.4 : kernel-uek (OVMSA-2021-0005)

The remote OracleVM system is missing necessary patches to address security updates: - An issue was found in Linux kernel before 5.5.4. The mwifiexcmdappendvsietlv function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of...

kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free

A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/ttyjobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

Important: Red Hat Security Advisory: kernel-alt security update

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Important: kernel-livepatch-4.14.200-155.322

Issue Overview: A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/ttyio.c and drivers/tty/ttyjobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. CVE-2020-29660 A locking vulnerability was found in the...

RHEL 7 : kernel-alt (RHSA-2021:0354)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0354 advisory. The kernel-alt packages provide the Linux kernel version 4.x. Security Fixes: kernel: locking issue in drivers/tty/ttyjobctrl.c can lead to ...

Qualcomm RFA Security Vulnerability

Qualcomm RFA is a Qualcomm Incorporated USA support component used in chips. A security vulnerability exists in Qualcomm RFA due to improper authentication of SPC code settings and device locking...

ASB-A-170732441

In adduserce and removeuserce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation...

CentOS 8 : mariadb:10.3 (CESA-2020:5500)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5500 advisory. - mysql: InnoDB unspecified vulnerability CPU Oct 2019 CVE-2019-2938 - mysql: Server: Optimizer unspecified vulnerability CPU Oct 2019 CVE-2019-2974 -...

PT-2021-2217 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.13 Description: A local privilege escalation issue is present in the Linux kernel due to multiple race conditions in the AF VSOCK implementation. These conditions are caused by incorrect locking in the...