189 matches found
OSV-2021-578 Stack-use-after-return in v9fs_string_free
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32624 Crash type: Stack-use-after-return READ 8 Crash state: v9fs_string_free v9fs_xattrwalk coroutine_trampoline...
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9087)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9087 advisory. - ovl: verify permissions in ovl_path_open Miklos Szeredi Orabug: 32435220 CVE-2020-16120 - ovl: switch to mounter creds in readdir Miklos Szeredi Orabug...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9086)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9086 advisory. - xen-blkback: fix error handling in xen_blkbk_map Jan Beulich Orabug: 32492109 CVE-2021-26930 - xen-scsiback: don't 'handle' error by BUG Jan Beulich...
EulerOS 2.0 SP2 : tigervnc (EulerOS-SA-2021-1369)
According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. ...
Huawei EulerOS: Security Advisory for tigervnc (EulerOS-SA-2021-1369)
The remote host is missing an update for the Huawei EulerOS...
OSV-2021-269 Stack-use-after-return in sta_prop_equal_fn
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30192 Crash type: Stack-use-after-return READ 6 Crash state: sta_prop_equal_fn wmem_map_insert dissectieeeNUMBERcommon...
CentOS 8 : tigervnc (CESA-2020:1497)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1497 advisory. - tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder CVE-2019-15691 - tigervnc: Heap buffer overflow triggered from...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.12 and fixes at least the following security issues: fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPL...
CVE-2021-3347
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458...
CVE-2021-3347
CVE-2021-3347 is a Linux kernel use-after-free in PI futex fault handling that could allow a local user to crash the kernel or escalate privileges. Multiple connected advisories confirm the issue and indicate fixes have been released across distributions (e.g., generic kernel updates and kernel l...
OSV-2018-106 Stack-use-after-return in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10082 Crash type: Stack-use-after-return READ 1 Crash state: BEInt::operator unsigned short OT::CoverageFormat2::Iter::more OT::SingleSubstFormat2::closure...
ASB-A-158063095
In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
OSV-2020-2254 Stack-use-after-return in insert_pin
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383 Crash type: Stack-use-after-return READ 1 Crash state: insert_pin detect_idkey sc_pkcs15emu_tcos_init_ex...
serenity:FuzzICOLoader: Stack-use-after-return in AK::Vector<unsigned char, 0ul>::clear_with_capacity
Detailed Report: https://oss-fuzz.com/testcase?key=4888328016756736 Project: serenity Fuzzing Engine: libFuzzer Fuzz Target: FuzzICOLoader Job Type: libfuzzer_asan_serenity Platform Id: linux Crash Type: Stack-use-after-return READ 8 Crash Address: 0x7f38f034ea70 Crash State:...
OSV-2020-2131 Stack-use-after-return in solidity::smtutil::CHCSmtLib2Interface::querySolver
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26997 Crash type: Stack-use-after-return READ 8 Crash state: solidity::smtutil::CHCSmtLib2Interface::querySolver solidity::smtutil::CHCSmtLib2Interface::query solidity::frontend::CHC::query...
Amazon Linux 2 : tigervnc (ALAS-2020-1552)
The version of tigervnc installed on the remote host is prior to 1.8.0-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1552 advisory. TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack...
Scientific Linux Security Update : tigervnc on SL7.x x86_64 (20201001)
Security Fixes : - tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder CVE-2019-15691 - tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks CVE-2019-15692 - tigervnc: Heap buffer overflow in TightDecoder::FilterGradient...
CentOS 7 : tigervnc (RHSA-2020:3875)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3875 advisory. - TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If...
Stack Use-after-return
tigervnc is vulnerable to stack use-after-return. It is triggered due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding...