CVE-2023-54157 binder: fix UAF of alloc->vma in race with munmap()

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit 015ac18be7de "binder: fix UAF of alloc-vma in race with munmap" in 5.10 stable. It is needed in mainline after the revert of commit...

CVE-2023-54157

CVE-2023-54157 concerns a Linux kernel Binder use-after-free (UAF) of alloc->vma caused by a race with munmap. The root cause cited across connected documents is that access to alloc->vma in binder_update_page_range() could race with vm_area_free() in munmap due to a previous downgrade of t...

Linux Distros Unpatched Vulnerability : CVE-2023-54157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit 015ac18be7de binder: fix UAF of alloc-vma in race with munmap in 5.10...

EUVD-2022-55683

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsicoexattach The coexcb needs to be freed when rsicreatekthread failed in rsicoexattach...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap In commit 720c24192404 "ANDROID: binder: change downwrite to downread" binder assumed the mmap read lock is sufficient to protect alloc-vma inside binderupdatepagerange. This used ...

Linux Distros Unpatched Vulnerability : CVE-2022-50471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized PV Xen...

SUSE CVE-2022-50471

In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized PV Xen domains: User process sets up a gntdev mapping composed of two grant...

CVE-2022-50471 xen/gntdev: Accommodate VMA splitting

In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized PV Xen domains: User process sets up a gntdev mapping composed of two grant...

EUVD-2022-27225

Malicious code in bioql PyPI...

EUVD-2022-55512

Malicious code in bioql PyPI...

EUVD-2022-55517

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-50240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmaplock for later use. This is unsafe and there are a number ...

Linux Distros Unpatched Vulnerability : CVE-2022-50338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - binder: fix UAF of alloc-vma in race with munmap In commit 720c24192404 ANDROID: binder: change downwrite to downread binder assumed the mmap read lock is...

DEBIAN-CVE-2022-50338

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap In commit 720c24192404 "ANDROID: binder: change downwrite to downread" binder assumed the mmap read lock is sufficient to protect alloc-vma inside binderupdatepagerange. This used ...

CVE-2022-50338

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2022-50338

...

CVE-2022-50338

The CVE-2022-50338 entry concerns a Linux kernel binder UAF in a race between binder_update_page_range() and munmap() that can access alloc->vma after it is freed. Affected component: kernel Binder in Linux kernel (stable branches 5.4 and 5.10). Root cause: improper locking around mmap/vma han...

DEBIAN-CVE-2022-50240

In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmaplock for later use. This is unsafe and there are a number of failure paths after the recorded VMA pointer may be freed during...

CVE-2022-50240

In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmaplock for later use. This is unsafe and there are a number of failure paths after the recorded VMA pointer may be freed during...

CVE-2022-50240 android: binder: stop saving a pointer to the VMA

In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmaplock for later use. This is unsafe and there are a number of failure paths after the recorded VMA pointer may be freed during...