828 matches found
PT-2021-8200 · Crucial · Ballistix Mod Utility
Name of the Vulnerable Software and Affected Versions: Ballistix MOD Utility versions 2.0.2.5 and earlier Description: The issue is related to a privilege escalation vulnerability in the MODAPI.sys driver component. It is triggered by sending a specific IOCTL request, allowing low-privileged user...
SUSE SLES12: xen / xen-doc-html / xen-libs / xen-libs-32bit / xen-tools / etc (SUSE-SU-2021:2955-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2955-1 advisory. Security issues fixed: - CVE-2021-28698: long running loops in grant table handling XSA-380bsc1189378. - CVE-2021-28697: grant tabl...
ALPINE-CVE-2021-28697
grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest...
CVE-2021-28696
IOMMU page mapping issues on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresse...
Information disclosure
IOMMU page mapping issues on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresse...
CVE-2021-28695
CVE-2021-28695 affects the Xen hypervisor (IOMMU page mapping) on AMD systems. The issue arises when firmware specifies discontinuous memory ranges that are identity-mapped during translation, allowing a guest to retain access to memory ranges it should not access after device de-assignment. Docu...
CVE-2021-28696
CVE-2021-28696 affects the Xen hypervisor. The issue arises from IOMMU identity mappings defined in ACPI for devices assigned to a guest: when a device is de-allocated from a guest, the identity mappings can be left in place, allowing the guest continued access to memory ranges it should no longe...
CVE-2021-28695
IOMMU page mapping issues on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresse...
kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks
A flaw was found in the Linux kernel’s KVM implementation, where improper handing of the VMIO|VMPFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of...
NVIDIA TLK 输入验证错误漏洞
Nvidia NVIDIA TLK is a scheduler from Nvidia Corporation of America that is used in conjunction with Trusted Firmware-A TF-A. NVIDIA TLK suffers from an Input Validation Error vulnerability that stems from Trusty TLK containing a vulnerability in the NVIDIA TLK kernel function, where a missing...
PT-2024-11236 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.45/5.12.12 Description: The issue arises when memory marked as EFI boot services data is not properly mapped as encrypted under SEV, potentially leading to a kernel crash at boot. This occurs because some...
Design/Logic Flaw
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2021-1905
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2021-1905
CVE-2021-1905 is a memory-management vulnerability (use-after-free) in Qualcomm Snapdragon chipsets caused by improper handling of memory mapping across multiple processes. Affects a broad range of Snapdragon products (Auto, Compute, Connectivity, IoT, Mobile, Wearables, etc.). The CVE is charact...
CVE-2021-1905
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2021-1905
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Recent...
Qualcomm Chipsets 资源管理错误漏洞
The Qualcomm Component is a component of Qualcomm Incorporated USA. The intrinsic parts that provide the functionality of Qualcomm devices. A resource management error vulnerability exists in Qualcomm Chipsets, which stems from incorrect memory mapping for handling multiple processes at the same...
PT-2024-11139 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the spi-zynqmp-gqspi controller in the Linux kernel, which supports 44-bit address space on AXI in DMA mode. If the dma map single function fails, it...
PT-2021-8005 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the mt76 dma tx queue skb raw function in the Linux kernel's mt76 component. It involves a potential DMA mapping leak due to the buf being uninitialized, which...
PT-2024-11131 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the mt76 module for the mt7915 device. The issue was related to the tx skb dma unmap, where the first pointer in...