CVE-2023-28554 Buffer Over-read in Qualcomm IPC

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM...

CVE-2023-28554

CVE-2023-28554 concerns Qualcomm IPC. Connected sources describe an information-disclosure vulnerability arising when reading values from shared memory inside a VM, attributed to a buffer over-read in the Qualcomm IPC path. The issue impacts confidentiality and is characterized with local access ...

PT-2023-21801 · Qualcomm · Qualcomm Ipc

Name of the Vulnerable Software and Affected Versions: Qualcomm IPC affected versions not specified Description: The issue is related to information disclosure in Qualcomm IPC when reading values from shared memory in a virtual machine. Recommendations: At the moment, there is no information abou...

CVE-2022-27813

Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the...

PT-2023-12916 · Motorola · Motorola Mtm5000

Name of the Vulnerable Software and Affected Versions: Motorola MTM5000 series firmwares affected versions not specified Description: The issue concerns a lack of properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores in Motorola MTM5000 series firmwares. Th...

Motorola MTM5000 Security Vulnerability

The Motorola MTM5000 is a mobile radio from Motorola, USA. The Alcatel MTM5000 suffers from a security vulnerability that stems from the lack of properly configured memory protection for shared pages between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

VulnCheck KEV: CVE-2023-33107

Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call...

kernel: virt/coco/sev-guest: Double-buffer messages

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...

CVE-2023-33990

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a...

CVE-2023-33990

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a...

CVE-2023-33990 Denial of Service (DoS) vulnerability in SAP SQL Anywhere

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a...

PT-2023-4104 · Sap · Sap Sql Anywhere

Name of the Vulnerable Software and Affected Versions: SAP SQL Anywhere version 17.0 Description: The issue allows an attacker to prevent legitimate users from accessing the service by crashing it. An attacker with a low-privileged account and access to the local system can write into shared memo...

CVE-2023-26085

A possible out-of-bounds read and write due to an improper length check of shared memory was discovered in Arm NN Android-NN-Driver before 23.02...

CVE-2023-26085

A possible out-of-bounds read and write due to an improper length check of shared memory was discovered in Arm NN Android-NN-Driver before 23.02...

Out-of-bounds

A possible out-of-bounds read and write due to an improper length check of shared memory was discovered in Arm NN Android-NN-Driver before 23.02...

Qualcomm Adreno/KGSL Data Leakage

Qualcomm Adreno/KGSL: pages can be freed to page pool while having GPU references on !CONFIGQCOMKGSLUSESHMEM Tested on a Pixel 4 again with a slightly outdated version of KGSL. I ordered a Pixel 5a but don't have it yet... On KGSL builds where CONFIGQCOMKGSLUSESHMEM is not set or on older KGSL...

kernel: drm/virtio: improper return value check in virtio_gpu_object_shmem_init()

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the drmgemshmemgetsgtable return value expects it to be NULL in the error case, whereas it is actually an error pointer...

device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to...