158 matches found
CVE-2020-11242
User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile...
CVE-2024-22004
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application...
nvmet-auth: assign dh_key to NULL after kfree_sensitive
...
The vulnerability of the SMEM partition in Qualcomm’s security microprogramming software allows attackers to disclose protected information.
The vulnerability of the SMEM microprogramming software for Qualcomm processors lies in reading data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...
Golang-fips: golang fips zeroed buffer
...
CLSA-2024-1731933167 kernel: Fix of 36 CVEs
smb: client: fix use-after-free in smb2queryinfocompound CVE-2023-52751 - smb: client: prevent new fids from being removed by laundromat CVE-2023-52751 - cifs: fix dentry lookups in directory handle cache CVE-2023-52751 - uprobe: avoid out-of-bounds memory access of fetching args CVE-2024-50067 -...
hw: arm64/sme: Always exit sme_alloc() early with existing storage
In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit smealloc early with existing storage When smealloc is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...
kernel: hw:amd: Incomplete system memory cleanup in SEV firmware corrupt guest private memory
A flaw was found in hw in the SNP-SEV firmware. This flaw could allow a privileged attacker to corrupt a guest's private memory, potentially resulting in the loss of data integrity of the guest...
AMD SEV-SNP 安全漏洞
AMD SEV-SNP is a secure encrypted virtualization firmware from UltraMicroelectronics AMD. A single key is used to encrypt system memory. AMD SEV-SNP suffers from a security vulnerability that stems from an improper restriction on write operations causing a malicious hypervisor to overwrite the...
DEBIAN-CVE-2023-52684
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be freed...
PT-2024-14692 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to memory leaks in error paths in the Linux kernel, specifically in the qseecom firmware component. The problem occurs when error codes are returned directly inste...
CVE-2024-22004
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application...
CVE-2024-22004
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application...
CVE-2024-22004
The CVE-2024-22004 entry affects Google Nest Wifi and a Linux Nonsecure OS. Root cause: an unchecked length issue in the Trusted Application path allows a privileged attacker to trigger a vulnerability. The described effect is leakage of secure memory from the Trusted Application, with a related ...
Google Nest 缓冲区错误漏洞
Google Nest is a smart home product by Google, an American company. A security vulnerability exists in Google Nest. An attacker exploited the vulnerability to leak the secure memory of a trusted application...
DEBIAN-CVE-2024-26618
In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit smealloc early with existing storage When smealloc is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...
CVE-2023-4020
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory...
Design/Logic Flaw
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory...
CVE-2023-4020 Unvalidated input in Silicon Labs PSA Attestation service leads to secure memory access from non-secure memory
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory...
Silicon Labs TrustZone Input Validation Error Vulnerability
Silicon Labs TrustZone is a security software technology from Silicon Labs, Inc. Silicon Labs TrustZone suffers from an input validation error vulnerability that arises from a library function that does not perform user input validation, which could allow an attacker to read from a non-secure...