34 matches found
CVE-2024-50139 KVM: arm64: Fix shift-out-of-bounds bug
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug Fix a shift-out-of-bounds bug reported by UBSAN when running VM with MTE enabled host kernel. UBSAN: shift-out-of-bounds in arch/arm64/kvm/sysregs.c:1988:14 shift exponent 33 is too large f...
CVE-2022-48762
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we erroneously extract the data and addr register indices from ex-type rather than ex-data. As ex-type will contain EXTYPELOADUNALIGNEDZEROPAD...
CVE-2022-48762
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we erroneously extract the data and addr register indices from ex-type rather than ex-data. As ex-type will contain EXTYPELOADUNALIGNEDZEROPAD...
CVE-2022-48762 arm64: extable: fix load_unaligned_zeropad() reg indices
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we erroneously extract the data and addr register indices from ex-type rather than ex-data. As ex-type will contain EXTYPELOADUNALIGNEDZEROPAD...
CVE-2022-48762 arm64: extable: fix load_unaligned_zeropad() reg indices
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we erroneously extract the data and addr register indices from ex-type rather than ex-data. As ex-type will contain EXTYPELOADUNALIGNEDZEROPAD...
Exploit for Use After Free in Arm 5Th_Gen_Gpu_Architecture_Kernel_Driver
Exploit for CVE-2023-6241 The write up can be found hereh...
First handset with MTE on the market
By Mark Brand, Google Project Zero Introduction It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said to far too many people at this point to be able to back out… that I'd immediately switch to the first available device...
MTE As Implemented, Part 1: Implementation Testing
By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE Memory Tagging Extensions. Through mid-2022 and early 2023, Project Zero had access to pre-production hardware implementing thi...
Summary: MTE As Implemented
By Mark Brand, Project Zero In mid-2022, Project Zero was provided with access to pre-production hardware implementing the ARM MTE specification. This blog post series is based on that review, and includes general conclusions about the effectiveness of MTE as implemented, specifically in the...
MTE As Implemented, Part 2: Mitigation Case Studies
By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE Memory Tagging Extensions. In Part 1 we discussed testing the technical and implementation limitations of MTE on the hardware...
GSD-2022-1007140 arm64: mte: move register initialization to C
arm64: mte: move register initialization to C This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.76 by commit...
GSD-2022-1006904 arm64: mte: move register initialization to C
arm64: mte: move register initialization to C This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1006903 arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored
arm64: mte: Avoid setting PGmtetagged if no tags cleared or restored This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
CVE-2008-5808
CVE-2008-5808 is an XSS vulnerability in Six Apart Movable Type products: Movable Type Enterprise (MTE) 1.x before 1.56, Movable Type (MT) 3.x before 3.38, and MTOS/Movable Type Enterprise 4.x before 4.23. The root cause is a cross-site scripting flaw that allows remote attackers to inject arbitr...