21 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: skbpartialcsumset fix against transport header magic values The skb-transportheader uses the special value 0xFFFF to indicate whether the transport header was set or not. We must prevent callers from accidentally setting...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: parisc: Clear stale IIR value on instruction access rights trap When a trap 7 Instruction access rights occurs, this means the CPU couldn't execute an instruction due to missing execute permissions on the memory region. In this...
CVE-2023-53439
In the Linux kernel, the following vulnerability has been resolved: net: skbpartialcsumset fix against transport header magic value skb-transportheader uses the special 0xFFFF value to mark if the transport header was set or not. We must prevent callers to accidentaly set skb-transportheader to...
CVE-2023-53439
In the Linux kernel, the following vulnerability has been resolved: net: skbpartialcsumset fix against transport header magic value skb-transportheader uses the special 0xFFFF value to mark if the transport header was set or not. We must prevent callers to accidentaly set skb-transportheader to...
DEBIAN-CVE-2023-53439
In the Linux kernel, the following vulnerability has been resolved: net: skbpartialcsumset fix against transport header magic value skb-transportheader uses the special 0xFFFF value to mark if the transport header was set or not. We must prevent callers to accidentaly set skb-transportheader to...
UBUNTU-CVE-2023-53439
In the Linux kernel, the following vulnerability has been resolved: net: skbpartialcsumset fix against transport header magic value skb-transportheader uses the special 0xFFFF value to mark if the transport header was set or not. We must prevent callers to accidentaly set skb-transportheader to...
CVE-2023-53439 net: skb_partial_csum_set() fix against transport header magic value
In the Linux kernel, the following vulnerability has been resolved: net: skbpartialcsumset fix against transport header magic value skb-transportheader uses the special 0xFFFF value to mark if the transport header was set or not. We must prevent callers to accidentaly set skb-transportheader to...
CVE-2023-53439 net: skb_partial_csum_set() fix against transport header magic value
In the Linux kernel, the following vulnerability has been resolved: net: skbpartialcsumset fix against transport header magic value skb-transportheader uses the special 0xFFFF value to mark if the transport header was set or not. We must prevent callers to accidentaly set skb-transportheader to...
CVE-2023-53439 net: skb_partial_csum_set() fix against transport header magic value
In the Linux kernel, the following vulnerability has been resolved: net: skbpartialcsumset fix against transport header magic value skb-transportheader uses the special 0xFFFF value to mark if the transport header was set or not. We must prevent callers to accidentaly set skb-transportheader to...
CVE-2023-53439
CVE-2023-53439 concerns the Linux kernel fix for skb_partial_csum_set() where skb->transport_header used the sentinel value 0xFFFF to indicate the transport header status. The description indicates the vulnerability arose from callers potentially setting skb->transport_header to 0xFFFF, and...
PT-2025-38458
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of transport header magic values within the skb partial csum set function. Specifically, the code does not prevent callers from...
Tech-ASan: Two-Stage Check for Address Sanitizer
Address Sanitizer ASan is a sharp weapon for detecting memory safety violations, including temporal and spatial errors hidden in C/C++ programs during execution. However, ASan incurs significant runtime overhead, which limits its efficiency in testing large software. The overhead mainly comes fro...
tpm2-tools: arbitrary quote data may go undetected by tpm2_checkquote
A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2GENERATEDVALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2checkquote...
SUSE CVE-2019-9792
The IonMonkey just-in-time JIT compiler can leak an internal JSOPTIMIZEDOUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird...
NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0062)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory...
Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
The IonMonkey just-in-time JIT compiler can leak an internal JSOPTIMIZEDOUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird...
Microsoft Edge Chakra JIT InlineArrayPush Type Confusion
Microsoft Edge: Chakra: JIT: Type confusion with InlineArrayPush This is similar to issue 1531 . The patch seems to prevent type confusion triggered from StElemIA instructions. But the SetItem method can also be invoked through the Array.prototype.push method which can be inlineed. We can achieve...
Microsoft Edge Chakra JIT - Magic Value Type Confusion Exploit
Exploit for windows platform in category dos / poc / BOOL JavascriptNativeFloatArray::SetItemuint32 index, double dValue if uint64&dValue == uint64&JavascriptNativeFloatArray::MissingItem JavascriptArray varArr = JavascriptNativeFloatArray::ToVarArraythis; varArr-DirectSetItemAtindex,...
Microsoft Edge Chakra JIT - Magic Value Type Confusion
/ BOOL JavascriptNativeFloatArray::SetItemuint32 index, double dValue if uint64&dValue == uint64&JavascriptNativeFloatArray::MissingItem JavascriptArray varArr = JavascriptNativeFloatArray::ToVarArraythis; varArr-DirectSetItemAtindex, JavascriptNumber::ToVarNoCheckdValue, GetScriptContext; return...
CVE-2009-5038
Cisco IOS before 15.01XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service device reload via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID...