PT-2020-17638 · Rust · Lever

Name of the Vulnerable Software and Affected Versions: lever crate versions prior to 0.1.1 Description: The issue concerns the implementation of the Send and Sync traits for all types T by AtomicBox, which is designed for use across threads. This implementation allows non-Send types, such as Rc,...

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

Google Chrome 73.0.3683.103 - WasmMemoryObject::Grow Use-After-Free Exploit

Google Chrome 73.0.3683.103 - WasmMemoryObject::Grow Use-After-Free Exploit memoryobject, uint32t pages ... Handle newbuffer; if oldbuffer-isshared // Adjust protections for the buffer. if !AdjustBufferPermissionsisolate, oldbuffer, newsize return -1; void backingstore = oldbuffer-backingstore; i...

CVE-2018-5148

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.7.3 and Firefox 59.0.2...

CVE-2015-1158

The addjob function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted 1 IPPCREATEJOB or 2 IPPPRINTJOB...