EUVD-2019-13457

Malware in sbrugna...

Sudoku: Decomposing DRAM Address Mapping into Component Functions

Decomposing DRAM address mappings into component-level functions is critical for understanding memory behavior and enabling precise RowHammer attacks, yet existing reverse-engineering methods fall short. We introduce novel timing-based techniques leveraging DRAM refresh intervals and consecutive...

RHEL 8 : kernel (RHSA-2024:0412)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0412 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf: Incorrect verifier prunin...

Oracle Linux 6 : thunderbird (ELSA-2020-0574)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0574 advisory. 68.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 68.5.0-1 - Update to 68.5.0 build1 Tenable has...

SUSE CVE-2022-0330

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system...

SUSE CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12119)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12119 advisory. - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM Luiz Augusto von Dentz CVE-2022-42896 - drm/i915: fix TLB invalidation for...

Information Disclosure

kernel is vulnerable to Information Disclosure. A local user is able to read random memory from the kernel space due to the way a user calls DMAFROMDEVICE...

kernel: i915: Incorrect GPU TLB flush can lead to random memory access

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system...

kernel: i915: Incorrect GPU TLB flush can lead to random memory access

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system...

httpd: mod_lua: Use of uninitialized value of in r:parsebody

A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2506)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.3.6)

The version of AOS installed on the remote host is prior to 5.20.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.3.6 advisory. - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - In Expat aka libexpat...

Amazon Linux 2022 : httpd, httpd-core, httpd-devel (ALAS2022-2022-053)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-053 advisory. A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The...

RUSTSEC-2022-0049 Use after free in MacOS / iOS implementation

In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced. The copied system time zone was released before its name was copied. If the system time zone was changed between the call of CFRelease and str::toowned, random memory would be copied...

SUSE-SU-2022:1637-1 Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-2499 fixes several issues. The following security issues were fixed: - - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address bsc1198133 - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kern...

AMD System Management Unit 安全漏洞

The AMD System Management Unit SMU is a system management unit at UltraMicroelectronics AMD. A security vulnerability exists in the AMD System Management Unit that stems from a TOCTOU in the System Management Unit SMU that can lead to a denial of service due to a DMA direct memory access to an...

SUSE-SU-2022:1589-1 Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19799 fixes one issue. The following security issue was fixed: - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local...

CVE-2022-0854

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read random memory from the kernel space...

CVE-2022-0854

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read random memory from the kernel space...