34 matches found
CVE-2026-10669 Xtensa MPU `arch_buffer_validate()` integer-overflow lets a user thread bypass syscall pointer validation
On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...
EUVD-2021-30857
Malicious code in bioql PyPI...
EUVD-2024-25270
Malicious code in bioql PyPI...
CVE-2021-43997
FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected code to achieve...
CVE-2024-28115
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affe...
Code injection
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affe...
CVE-2024-28115 Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affe...
CVE-2024-28115
CVE-2024-28115 concerns FreeRTOS Kernel versions through 10.6.1, where local privilege escalation is possible via Return Oriented Programming if code injection/execution is possible. Affected are ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled (configENABLE_MPU=1). The issue is fixed...
CVE-2024-28115 Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affe...
PT-2023-8934 · Unknown · Freertos Kernel
Name of the Vulnerable Software and Affected Versions: FreeRTOS Kernel versions through 10.6.1 Description: The issue is related to insufficient protection against local privilege escalation via Return Oriented Programming techniques, should a vulnerability exist that allows code injection and...
ohne-mpu-mobil.de Cross Site Scripting vulnerability OBB-3410927
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Memory corruption
In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753...
PT-2022-21419 · Mpu · Mpu
Name of the Vulnerable Software and Affected Versions: mpu affected versions not specified Description: The issue is related to a possible memory corruption due to a logic error in mpu. This could lead to local escalation of privilege with System execution privileges needed. User interaction is n...
CVE-2022-32620
CVE-2022-32620 affects MediaTek’s mpu component, caused by a logic error that can cause memory corruption. This may enable local escalation of privilege to System level with no user interaction required. Patch ALPS07541753 (Issue ALPS07541753) is referenced; exploitation status is not detailed in...
CVE-2022-32620
In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753...
CVE-2022-26436
In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666...
CVE-2022-26436
In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666...
CVE-2022-26436
In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666...
CVE-2022-26436
The vulnerability CVE-2022-26436 affects the emi mpu component and is caused by a missing bounds check, leading to an out-of-bounds read. This can lead to local information disclosure with System execution privileges required, and no user interaction is needed. A patch identified as ALPS07023666 ...
PT-2022-17845 · Emi Mpu · Emi Mpu
Name of the Vulnerable Software and Affected Versions: emi mpu affected versions not specified Description: The issue is related to a missing bounds check, which could lead to an out of bounds read. This might result in local information disclosure, requiring System execution privileges for...