220 matches found
CVE-2023-53353
The CVE concerns the Linux kernel in accel/habanalabs where the memory manager IDR destruction is postponed from the memory manager fini to hpriv_release(). The issue arises because destroying the IDR while a user context may still hold memory buffers could cause release calls to fail later, crea...
CVE-2023-53352 drm/ttm: check null pointer before accessing when swapping
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: check null pointer before accessing when swapping Add a check to avoid null pointer dereference as below: 90.002283 general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 PREEMPT SMP KASA...
Linux Distros Unpatched Vulnerability : CVE-2025-38669
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert drm/gem-shmem: Use dmabuf from GEM object instance This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. The dmabuf field in struct drmgemobject ...
CVE-2025-38554
CVE-2025-38554 in the Linux kernel describes a use-after-free (UAF) involving VMAs: if vma->mm is freed after vma->vm_refcnt has dropped, a recycled VMA could be mishandled, leading to UAF. The race can occur when VMAs are recycled under RCU (with SLAB_TYPESAFE_BY_RCU) and lock_vma_under_rc...
Romm 安全漏洞
Romm is an open source read-only memory manager from The RomM Project. A security vulnerability exists in RomM versions prior to 3.10.3 and prior to 4.0.0-beta.3, which stems from the presence of authentication path traversal in the api/raw endpoints, which could lead to the disclosure of passwor...
CVE-2024-47029
In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trustysharedmemorymanager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed fo...
CVE-2021-39682
In mgmallocpage of memorygroupmanager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
Important: ghostscript
Issue Overview: The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c The calculation of the buffer size was being done with int values, and overflowing that data type. By...
Amazon Linux 2 : ghostscript (ALAS-2025-2820)
The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2820 advisory. Fix confusion between bytes and shorts. Data is being copied from a string in multiple of shorts, rather than multipl...
Important: ghostscript
Issue Overview: The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c The calculation of the buffer size was being done with int values, and overflowing that data type. By...
Linux Distros Unpatched Vulnerability : CVE-2016-10012
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all...
UBUNTU-CVE-2024-36275
NULL pointer dereference in some IntelR OptaneTM PMem Management software versions before CRMGMT02.00.00.4040, CRMGMT03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access...
Google Pixel 安全漏洞
Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a buffer overflow vulnerability that stems from incorrect boundary checking in TrustySharedMemoryManager::GetSharedMemory at ondevice/trusty/trustysharedmemorymanager.cc, which could be exploited by an...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition between a delayed split and a large folio migration in the mm module, which could lead to a...
The vulnerability of the __unmap_hugepage_range() function in the Linux kernel memory manager allows a hacker to trigger a system failure.
The vulnerability of the unmaphugepagerange function in the mm/hugetlb.c file of the Linux kernel’s memory manager is related to an incorrect check in the code that returns vmaneedsreservation. Exploiting this vulnerability could allow an attacker to trigger a service failure...
RHEL 6 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: loading of untrusted PKCS11 modules in ssh-agent CVE-2016-10009 - openssh: Bounds check can be...
Amazon Linux 2 : firefox (ALASFIREFOX-2023-006)
The version of firefox installed on the remote host is prior to 102.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-006 advisory. The Mozilla Foundation describes this issue as follows:Unexpected data returned from the Safe Browsing API could...
CVE-2023-29536
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for...
DEBIAN-CVE-2023-29536
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for...
CVE-2023-29536
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for...