Amazon Linux 2 : firefox (ALASFIREFOX-2024-030)

The version of firefox installed on the remote host is prior to 115.14.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-030 advisory. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be...

Fedora 39 : apr (2024-318343049c)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-318343049c advisory. This update to the apr package fixes a security issue in the handling of shared memory permissions. SECURITY: CVE-2023-49582: Apache Portable Runtime APR:...

CVE-2024-46689 soc: qcom: cmd-db: Map shared memory as WC, not WB

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected...

CVE-2024-46689

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mapping shared memory as WC instead of WB, which could lead to a security outage and an infinite loop in the...

kernel: mm: cachestat: fix two shmem bugs

CVE-2024-35797 is a vulnerability in the Linux kernel’s memory management, specifically affecting the cachestat feature when handling shared memory. The flaw stems from race conditions during operations like swapping or invalidation, which can lead to out-of-bounds memory access or invalid pointe...

The vulnerability of the _umtx_op system call in FreeBSD allows a hacker to execute arbitrary code.

The vulnerability of the umtxop system call in FreeBSD systems is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using the UMTXOPSHM operation...

MGASA-2024-0292 Updated apr packages fix security vulnerability

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. CVE-2023-49582...

Fedora: Security Advisory (FEDORA-2024-b40491b84b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6995-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVE-2024-43102

Concurrent removals of certain anonymous shared memory mappings by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTXSHMDESTROY...

CVE-2024-43102 umtx Kernel panic or Use-After-Free

Concurrent removals of certain anonymous shared memory mappings by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTXSHMDESTROY...

CVE-2024-43102 umtx Kernel panic or Use-After-Free

Concurrent removals of certain anonymous shared memory mappings by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTXSHMDESTROY...

CVE-2024-43102

CVE-2024-43102 describes a kernel-level issue in FreeBSD involving concurrent removals of anonymous shared memory mappings via the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM. The root cause is that the reference count for the mapping object can be decremented too many times, causing premature fr...

FreeBSD-SA-24:14.umtx

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:14.umtx Security Advisory The FreeBSD Project Topic: umtx Kernel panic or Use-After-Free Category: core Module: kern Announced: 2024-09-04 Credits: Synacktiv...

PT-2024-5986

Name of the Vulnerable Software and Affected Versions: FreeBSD affected versions not specified NetApp ONTAP 9 formerly Clustered Data ONTAP PlayStation 5 versions prior to 7.61 Description: A use-after-free vulnerability exists in the umtx op system call within FreeBSD. This vulnerability arises...

Fedora 40 : apr (2024-b40491b84b)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b40491b84b advisory. This update to the apr package fixes a security issue in the handling of shared memory permissions. SECURITY: CVE-2023-49582: Apache Portable Runtime APR:...

CVE-2023-49582

A flaw was found in the Apache Portable Runtime APR library. This issue allows local users to read named shared memory segments due to incorrect permissions, potentially revealing sensitive application data...

DEBIAN-CVE-2023-49582

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APRUSESHMEMSHMGET=1 apr.h Users are...

AZL-48273 CVE-2023-49582 affecting package apr for versions less than 1.7.5-1

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APRUSESHMEMSHMGET=1 apr.h Users are...