kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications

A flaw was found in the Linux kernel’s scheduler, where it can allow attackers to cause a denial of service against non-CPU-bound applications by generating a workload that triggers unwanted scheduling slice expiration. A local attacker who can trigger a specific workload type could abuse this...

Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect

The affected version of rulinalg has incorrect lifetime boundary definitions for RowMut::rawslice and RowMut::rawslicemut. They do not conform with Rust's borrowing rule and allows the user to create multiple mutable references to the same location. This may result in unexpected calculation resul...

aiowrap (=0.1.0), ambisonic (>=0.1.0 <=0.3.1) +157 more potentially affected by unknown CVE via slice-deque (>=0.1.16 <=0.3.0)

slice-deque CARGO version =0.1.16, =0.1.0, =0.8.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.8.0, =0.3.0, =0.3.0, =0.4.0, =0.8.0, =0.15.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0158...

slice-deque is unmaintained

The author of the slice-deque crate is unresponsive and is not receiving security patches. Maintained alternatives: - slice-ring-buffer...

RUSTSEC-2020-0158 slice-deque is unmaintained

The author of the slice-deque crate is unresponsive and is not receiving security patches. Maintained alternatives: - slice-ring-buffer...

mruby memory misreference vulnerability

mruby is a lightweight implementation of the Ruby language that conforms to a portion of the ISO standard. A post-release reuse vulnerability exists in mruby 2.1.0 in mrbgems/mruby-hash-ext/src/hash-ext.c in hashslice. No detailed vulnerability details are provided at this time...

CVE-2020-6840

In mruby 2.1.0, there is a use-after-free in hashslice in mrbgems/mruby-hash-ext/src/hash-ext.c...

DEBIAN-CVE-2019-19922

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfsquotaus is used e.g., with Kubernetes, allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. In other words, althoug...

CVE-2019-19922

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfsquotaus is used e.g., with Kubernetes, allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. In other words, althoug...

Code injection

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfsquotaus is used e.g., with Kubernetes, allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. In other words, althoug...

UBUNTU-CVE-2019-19922

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfsquotaus is used e.g., with Kubernetes, allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. In other words, althoug...

CVE-2019-19922

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfsquotaus is used e.g., with Kubernetes, allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. In other words, althoug...

CVE-2019-19922

CVE-2019-19922 affects the Linux kernel sched subsystem (kernel/sched/fair.c) and is triggered when cpu.cfs_quota_us is in use (e.g., with Kubernetes). The issue allows a local attacker to cause a denial of service for non–CPU-bound applications by generating work that triggers slice expiration, ...

CVE-2019-2222

n ihevcdparseslicedata of ihevcdparseslice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8...

CVE-2019-2175

In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2019-15543

An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases...

CVE-2019-15543

An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases...

CVE-2018-20995

An issue was discovered in the slice-deque crate before 0.1.16 for Rust. moveheadunchecked allows memory corruption because deque updates are mishandled...

CVE-2018-20995

An issue was discovered in the slice-deque crate before 0.1.16 for Rust. moveheadunchecked allows memory corruption because deque updates are mishandled...

Memory corruption

An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases...