kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry
A vulnerability was found in follow_page_pte in mm/gup.c in the Linux Kernel. This issue occurs due to a race problem which can poison the page table entry and cause a denial-of-service...
ALPINE-CVE-2023-34326
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory range...
kernel: highmem: fix checks in __kmap_local_sched_{in,out}
In the Linux kernel, the following vulnerability has been resolved: highmem: fix checks in __kmap_local_sched_{in,out} When CONFIG_DEBUG_KMAP_LOCAL is enabled __kmap_local_sched_{in,out} check that even slots in the tsk->kmap_ctrl.pteval are unmapped. The slots are initialized with 0 value, but the check is done wi...
PT-2023-35044 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.8 Description: The issue concerns the handling of PTE markers in the hugetlb change protection function. It was introduced in version v5.19 and fixed in version v6.1.8. The actual impact and attack...
PT-2022-35155 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to a warning fix in the Linux Kernel without PTE_MARKER_UFFD_WP compiled in. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linu...
DEBIAN-CVE-2022-1158
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...
Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5416-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5416-1 advisory. Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in...
XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry
A flaw was found in xstream. A remote attacker, who has sufficient rights, can execute commands of the host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
SUSE SLES11 Security Update : xen (SUSE-SU-2020:14557-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14557-1 advisory. - A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing...
Qualcomm WLAN HOST Resource Management Error Vulnerability
Qualcomm WLAN HOST is a Qualcomm Incorporated USA wireless LAN component used in Qualcomm products. A resource management error vulnerability exists in the Qualcomm WLAN HOST, which arises from the possibility that an entry in the hash table could be deleted before a frame is placed in the PE que...
CVE-2020-27670
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated...
JITSploitation III: Subverting Control Flow
Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...
kernel: use-after-free in arch/x86/lib/insn-eval.c
A vulnerability was found in the arch/x86/lib/insn-eval.c function in the Linux kernel. An attacker could corrupt the memory due to a flaw in use-after-free access to an LDT entry caused by a race condition between modify_ldt and a #BR exception for an MPX bounds violation...
UBUNTU-CVE-2019-17344
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates...
Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive
Introduction This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In Part One of the series, we covered the integration of the research in both Volatility and Rekall memory forensics tools. We...
UBUNTU-CVE-2019-9544
An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry located in Core/Ap4Array.h. It can be triggered by sending a crafted file to for example the mp42hls binary. It allows an attacker to cause Denial of Service (Segmentation fault) or...