142 matches found
CVE-2025-38584 padata: Fix pd UAF once and for all
In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padatareorder that goes back to the initial commit. A reference count is taken at the start of the process in padatadoparallel, and released at the end in...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: xfrm: state: fix out-of-bounds read during lookup lookup and resize can run in parallel. The xfrmstatehashgeneration seqlock ensures a retry, but the hash functions can observe a hmask value that is too large for the new hlist...
CVE-2024-6612
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2013-0978
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code...
OESA-2025-1344 arm-trusted-firmware security update
Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...
OESA-2025-1345 arm-trusted-firmware security update
Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...
OESA-2025-1343 arm-trusted-firmware security update
Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...
OESA-2025-1342 arm-trusted-firmware security update
Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...
SUSE CVE-2024-57982
In the Linux kernel, the following vulnerability has been resolved: xfrm: state: fix out-of-bounds read during lookup lookup and resize can run in parallel. The xfrmstatehashgeneration seqlock ensures a retry, but the hash functions can observe a hmask value that is too large for the new hlist...
DEBIAN-CVE-2024-7881
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...
CVE-2024-7881
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...
CVE-2024-7881
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...
UBUNTU-CVE-2024-7881
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...
CVE-2024-7881
CVE-2024-7881 affects Arm Trusted Firmware-A (ATF) for Arm A‑Profile architectures. The flaw allows an unprivileged context to trigger a data memory‑dependent prefetch that fetches contents from a privileged location and uses those contents as an address that is dereferenced. This is a local issu...
CVE-2024-7881
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...
CVE-2024-7881
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...
CVE-2024-7881
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...
ARM CPU 安全漏洞
ARM CPUs are a family of central processors from the British company ARM. The ARM CPUs suffer from a security vulnerability that stems from the fact that an unprivileged context can trigger a data memory-related prefetch engine to fetch the contents of a privileged location and use those contents...
PT-2025-3695
Name of the Vulnerable Software and Affected Versions arm64 CPU affected versions not specified Description The issue allows an unprivileged context to trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is...
SUSE CVE-2024-53098
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...