CVE-2024-21639

CEF Chromium Embedded Framework is a simple framework for embedding Chromium-based browsers in other applications. CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patche...

CVE-2024-21639 OOB Access in CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory

CEF Chromium Embedded Framework is a simple framework for embedding Chromium-based browsers in other applications. CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patche...

Chromium Embedded Framework (CEF) Buffer Error Vulnerability

Chromium Embedded Framework CEF is a simple framework for Chromium Embedded Framework open source. It is used to embed Chromium-based browsers in other applications. Chromium Embedded Framework CEF suffers from a buffer error vulnerability that stems from CefLayeredWindowUpdaterOSR...

PT-2023-9276 · Qualcomm · Qualcomm Embedded Platform

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software affected versions not specified Description: The issue is related to a memory corruption problem when allocating and accessing an entry in an SMEM partition. It is also described as a vulnerability in the...

kernel: virt/coco/sev-guest: Double-buffer messages

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...

kernel: mm/mempolicy: fix mpol_new leak in shared_policy_replace

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpolnew leak in sharedpolicyreplace If mpolnew is allocated but not used in restart loop, mpolnew will be freed via mpolput before returning to the caller. But refcnt is not initialized yet, so mpolput could not...

kernel: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths

In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers to ensure that secondary MMUs like KVM don't keep accessing pages which aren't mapped anymore...

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM...

Information disclosure

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM...

CVE-2023-28554 Buffer Over-read in Qualcomm IPC

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM...

CVE-2023-28554 Buffer Over-read in Qualcomm IPC

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM...

CVE-2023-28554

CVE-2023-28554 concerns Qualcomm IPC. Connected sources describe an information-disclosure vulnerability arising when reading values from shared memory inside a VM, attributed to a buffer over-read in the Qualcomm IPC path. The issue impacts confidentiality and is characterized with local access ...

PT-2023-21801 · Qualcomm · Qualcomm Ipc

Name of the Vulnerable Software and Affected Versions: Qualcomm IPC affected versions not specified Description: The issue is related to information disclosure in Qualcomm IPC when reading values from shared memory in a virtual machine. Recommendations: At the moment, there is no information abou...

CVE-2022-27813

Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the...

Motorola MTM5000 Security Vulnerability

The Motorola MTM5000 is a mobile radio from Motorola, USA. The Alcatel MTM5000 suffers from a security vulnerability that stems from the lack of properly configured memory protection for shared pages between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and...

PT-2023-12916 · Motorola · Motorola Mtm5000

Name of the Vulnerable Software and Affected Versions: Motorola MTM5000 series firmwares affected versions not specified Description: The issue concerns a lack of properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores in Motorola MTM5000 series firmwares. Th...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

VulnCheck KEV: CVE-2023-33107

Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call...

kernel: virt/coco/sev-guest: Double-buffer messages

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...