61 matches found
CVE-2023-53135 riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
In the Linux kernel, the following vulnerability has been resolved: riscv: Use READONCENOCHECK in imprecise unwinding stack mode When CONFIGFRAMEPOINTER is unset, the stack unwinding function walkstackframe randomly reads the stack and then, when KASAN is enabled, it can lead to the following...
CVE-2023-53135
The CVE-2023-53135 entry describes a Linux kernel vulnerability in riscv where, if CONFIG_FRAME_POINTER is unset, the stack unwinding function walk_stackframe may read the stack non-atomically in imprecise unwinding mode, enabling a KASAN-detected stack-out-of-bounds condition. The identified fix...
CVE-2023-53135 riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
In the Linux kernel, the following vulnerability has been resolved: riscv: Use READONCENOCHECK in imprecise unwinding stack mode When CONFIGFRAMEPOINTER is unset, the stack unwinding function walkstackframe randomly reads the stack and then, when KASAN is enabled, it can lead to the following...
PT-2025-18899 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: The issue is related to the Linux kernel's stack unwinding function, walk stackframe, which can lead to a stack-out-of-bounds error when CONFIG FRAME POINTER is unset and KASAN is...
SUSE CVE-2023-52828
In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpfthrow kfunc is the first such call instruction that has noreturn semantics within the verifier, this also kicks in dead code elimination in unprecedented ways. For one...
CVE-2023-52828
In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpfthrow kfunc is the first such call instruction that has noreturn semantics within the verifier, this also kicks in dead code elimination in unprecedented ways. For one...
CVE-2023-52828
CVE-2023-52828 (Linux kernel) : The vulnerability arises from BPF verifier handling after a bpf_throw call. Because bpf_throw is the first noreturn call in the verifier, dead code elimination causes subsequent instructions to be treated as unseen, which can affect stack unwinding when a program t...
CVE-2023-52828 bpf: Detect IP == ksym.end as part of BPF program
In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpfthrow kfunc is the first such call instruction that has noreturn semantics within the verifier, this also kicks in dead code elimination in unprecedented ways. For one...
PT-2023-9747 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the BPF Berkeley Packet Filter program in the Linux kernel. When the bpf throw kfunc is called, it triggers dead code elimination in an unprecedented way, causi...
SilentMoonwalk - PoC Implementation Of A Fully Dynamic Call Stack Spoofer
PoC Implementation of a fully dynamic call stack spoofer TL;DR SilentMoonwalk is a PoC implementation of a fully dynamic call stack spoofer, implementing a technique to remove the original caller from the call stack, using ROP to desynchronize unwinding from control flow. Authors This PoC is the...
SUSE: Security Advisory (SUSE-SU-2021:14771-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:14771-1 Security update for sqlite3
This update for sqlite3 fixes the following issues: - CVE-2019-20218: Fixed a stack unwinding flaw in the selectExpander after a parsing error. bsc1160439...
SUSE: Security Advisory (SUSE-SU-2021:2320-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error...
EulerOS Virtualization 3.0.2.2 : sqlite (EulerOS-SA-2020-2197)
According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the...
EulerOS 2.0 SP2 : sqlite (EulerOS-SA-2020-1624)
According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1434)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)
According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL...
DEBIAN-CVE-2019-20218
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error...
UBUNTU-CVE-2019-20218
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error...