Lucene search

210 matches found

CNNVD
added 2024/06/13 12:0 a.m., 2 views

Google Pixel Security Breach

Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from the presence of uninitialized data in the handlemsgshmmapreq module of trusty/user/base/lib/spi/srv/tipc/tipc.c, which could allow for stack data disclosure...

CVSS 5.5, AI score 6.6, EPSS 0.00041
Exploits: 0, References: 3
Tenable Nessus
added 2024/06/03 12:0 a.m., 12 views

RHEL 5 : dtach (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - dtach: Memory portion random stack data disclosure to the client by unclean client disconnect CVE-2012-3368 Note th...

CVSS 2.6, AI score 6.6, EPSS 0.00444
Exploits: 1, References: 1
OSV
added 2024/06/01 12:0 a.m., 5 views

PUB-A-324894484

In handlemsgshmmapreq of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5, AI score 6.2, EPSS 0.00041
Exploits: 0, References: 1
OSV
added 2024/06/01 12:0 a.m., 4 views

PUB-A-324894466

In hwbccnsdeprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5, AI score 6.2, EPSS 0.0003
Exploits: 0, References: 1
NVD
added 2024/05/30 4:15 p.m., 11 views

CVE-2024-36032

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id. Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed...

CVSS 7.1, AI score 6.6, EPSS 0.00014
Exploits: 0, References: 5
Vulnrichment
added 2024/05/30 3:23 p.m., 15 views

CVE-2024-36032 Bluetooth: qca: fix info leak when fetching fw build id

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id. Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed...

AI score 7, EPSS 0.00014
Exploits: 0, References: 5
CVE
added 2024/05/22 8:19 a.m., 82 views

CVE-2021-47477

CVE-2021-47477 is documented in connected advisories as a Linux kernel issue affecting comedi: dt9812. The root cause is DMA buffers being allocated on the stack for USB transfers; the fix allocates proper transfer buffers in the command helpers and returns an error on short transfers instead of ...

CVSS 7.8, AI score 7, EPSS 0.00062
Exploits: 0, References: 9, Affected Software: 1
UbuntuCve
added 2024/05/21 3:15 p.m., 20 views

CVE-2021-47339

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: explicitly clear ioctl input data. As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers...

CVSS 5.5, AI score 5.9, EPSS 0.00018
Exploits: 0, References: 5
CVE
added 2024/05/21 2:35 p.m., 84 views

CVE-2021-47339

In CVE-2021-47339, the Linux kernel fix targets media: v4l2-core, addressing uninitialized kernel stack data that could be used as input for driver ioctl handlers due to mistakes in compat ioctl implementation. The resolution requires explicitly clearing the entire ioctl input buffer before conve...

CVSS 5.5, AI score 6.5, EPSS 0.00018
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2024/05/21 2:35 p.m., 20 views

CVE-2021-47339

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: explicitly clear ioctl input data. As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers...

CVSS 5.5, AI score 4.4, EPSS 0.00018
Exploits: 0
Cvelist
added 2024/05/21 2:35 p.m., 19 views

CVE-2021-47339 media: v4l2-core: explicitly clear ioctl input data

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: explicitly clear ioctl input data. As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers...

AI score 6.2, EPSS 0.00018
Exploits: 0, References: 3
CNNVD
added 2024/05/21 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from uninitialized kernel stack data being used as input to the driver ioctl handler...

CVSS 5.5, AI score 4.2, EPSS 0.00018
Exploits: 0, References: 4
UbuntuCve
added 2024/04/28 1:15 p.m., 44 views

CVE-2022-48654

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find(). nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspa...

CVSS 5.5, AI score 6.1, EPSS 0.0002
Exploits: 0, References: 7
Debian CVE
added 2024/04/28 1:0 p.m., 14 views

CVE-2022-48654

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find(). nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspa...

CVSS 5.5, AI score 5.5, EPSS 0.0002
Exploits: 0
OSV
added 2024/04/28 1:0 p.m., 15 views

CVE-2022-48654 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find(). nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspa...

CVSS 5.3, AI score 5.9, EPSS 0.0002
Exploits: 0, References: 8
RedHat Linux
added 2023/10/05 2:14 p.m., 3 views

glibc: Stack read overflow in getaddrinfo in no-aaaa mode

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

CVSS 6.5, AI score 6.7, EPSS 0.00112
Exploits: 1, References: 4
OSV
added 2023/09/18 5:15 p.m., 1 views

AZL-34732 CVE-2023-4527 affecting package glibc for versions less than 2.38-11

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

CVSS 6.5, AI score 6.5, EPSS 0.00112
Exploits: 1, References: 1
OSV
added 2023/09/18 5:15 p.m., 1 views

DEBIAN-CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

CVSS 6.5, AI score 5.7, EPSS 0.00112
Exploits: 1, References: 1
SUSE CVE
added 2023/09/14 2:9 a.m., 1 views

SUSE CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

CVSS 7.5, AI score 6.4, EPSS 0.00112
Exploits: 1, References: 4
CNNVD
added 2023/09/12 12:0 a.m., 1 views

glibc buffer error vulnerability

glibc GNU C Library is the C standard library implemented by the GNU Project. A security vulnerability exists in glibc, which stems from the fact that when the getaddrinfo function is called using the AF_UNSPEC address family and is configured in no-aaaa mode via /etc/resolv.conf, TCP DNS response...

CVSS 6.5, AI score 6.8, EPSS 0.00112
Exploits: 1, References: 14