CVE-2020-10773

CVE-2020-10773 is a local-information-disclosure flaw in the Linux kernel for s390/s390x memory-management. The issue stems from incorrect writes to the /proc/sys/vm/cmm_timeout file, enabling a local attacker to read kernel data. The provided documents confirm the vulnerability and its affected ...

CVE-2020-10773

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmmtimeout file. This flaw allows a local user to see the kernel data...

SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1)

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an...

SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1109-1)

This update for webkit2gtk3 to version 2.28.1 fixes the following issues : Security issues fixed : CVE-2020-10018: Fixed a denial of service because the mdeferredFocusedNodeChange data structure was mishandled bsc1165528. CVE-2020-11793: Fixed a potential arbitrary code execution caused by a...

OPPO ColorOS Information Disclosure Vulnerability

OPPO ColorOS is a suite of Android-based operating systems for mobile devices from China's OPPO Guangdong Mobile Communications OPPO. An information disclosure vulnerability exists in the AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP file in OPPO ColorOS. The...

CVE-2020-11494

A flaw was discovered in slcbump in drivers/net/can/slcan.c in CAN Communication Protocol. It allows a local attacker with special user privilege or root to read sensitive kernel stack information considering CONFIGINITSTACKALL is not enabled when a partially initialized data structure is exposed...

CVE-2020-0048

In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:...

Stack overflow

In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:...

CVE-2020-0048

CVE-2020-0048 affects Android 10 Media Framework (IAudioFlinger.cpp). The root cause is an information leak due to uninitialized data in onTransact, enabling local information disclosure without extra privileges or user interaction. The risk is described as a local information disclosure vulnerab...

CVE-2020-0048

In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:...

CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

CVE-2018-1991

IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284...

USN-3821-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service system crash. CVE-2018-10880 It...

Security Bulletin: Vulnerabilities in QEMU affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in QEMU. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-5105 DESCRIPTION: QEMU, built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, is vulnerable to a denial of service, caused by a stack...

CentOS 6 : kernel (CESA-2018:1319) (Meltdown)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180508) (Meltdown)

Security Fixes : - hw: cpu: speculative execution permission faults handling CVE-2017-5754 - Kernel: error in exception handling leads to DoS CVE-2018-8897 - kernel: nfsd: Incorrect handling of long RPC replies CVE-2017-7645 - kernel: Use-after-free vulnerability in DCCP socket CVE-2017-8824 -...

kernel: Stack information leak in the EFS element

A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space...

Important: Red Hat Security Advisory: kernel-alt security, bug fix, and enhancement update

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVE-2017-1086

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptracelwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure...

Fedora 23 : 2:qemu (2016-73853a7a16)

CVE-2016-4002: net: buffer overflow in MIPSnet bz 1326083 - CVE-2016-4952 scsi: pvscsi: out-of-bounds access issue - CVE-2016-5106: scsi: megasas: out-of-bounds write bz 1339581 - CVE-2016-5105: scsi: megasas: stack information leakage bz 1339585 - CVE-2016-5107: scsi: megasas: out-of-bounds read...