
4525 matches found

Cvelist
added 2021/06/29 11:30 a.m., 26 views

CVE-2021-28691

Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...

AI score: 7.7, EPSS: 0.00361
Exploits: 0, References: 3

Debian CVE
added 2021/06/29 11:30 a.m., 33 views

CVE-2021-28691

Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00361
Exploits: 0

OSV
added 2021/06/25 12:9 a.m., 8 views

GSD-2021-1000822 xen-netback: take a reference to the RX task thread

xen-netback: take a reference to the RX task thread. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit...

AI score: 7.2
Exploits: 0

OSV
added 2021/06/25 12:9 a.m., 15 views

UVI-2021-1000822 xen-netback: take a reference to the RX task thread

xen-netback: take a reference to the RX task thread. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit...

AI score: 7.2
Exploits: 0

OSV
added 2021/06/25 12:5 a.m., 15 views

GSD-2021-1000787 xen-netback: take a reference to the RX task thread

xen-netback: take a reference to the RX task thread. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commit...

AI score: 7.2
Exploits: 0

OSV
added 2021/06/25 12:5 a.m., 10 views

UVI-2021-1000787 xen-netback: take a reference to the RX task thread

xen-netback: take a reference to the RX task thread. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commit...

AI score: 7.2
Exploits: 0

OSV
added 2021/06/22 11:15 a.m., 1 views

CVE-2021-0565

In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID:...

CVSS: 7, AI score: 5.9, EPSS: 0.00093
Exploits: 0, References: 1

Prion
added 2021/06/16 12:15 p.m., 20 views

Design/Logic Flaw

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior ...

CVSS: 5, AI score: 7.3, EPSS: 0.07024
Exploits: 0, References: 15, Affected Software: 5

Veracode
added 2021/06/11 10:31 a.m., 28 views

Arbitrary Code Execution

libwebp is vulnerable to arbitrary code execution. A use-after-free when a thread is killed earlier than expected allows an attacker to execute arbitrary code on the host OS...

CVSS: 9.8, AI score: 3.6, EPSS: 0.02319
Exploits: 0, References: 9, Affected Software: 2

RedHat Linux
added 2021/06/09 1:55 p.m., 1 views

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 9.8, AI score: 7.3, EPSS: 0.02319
Exploits: 0, References: 4

RedHat Linux
added 2021/06/09 1:36 p.m., 2 views

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 9.8, AI score: 7.3, EPSS: 0.02319
Exploits: 0, References: 4

RedHat Linux
added 2021/06/09 12:32 a.m., 3 views

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 9.8, AI score: 7.3, EPSS: 0.02319
Exploits: 0, References: 4

RedHat Linux
added 2021/06/08 10:42 p.m., 1 views

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 9.8, AI score: 7.3, EPSS: 0.02319
Exploits: 0, References: 4

Xen Project
added 2021/06/08 5:0 p.m., 70 views

Guest triggered use-after-free in Linux xen-netback

ISSUE DESCRIPTION: A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux...

CVSS: 7.8, AI score: 2.2, EPSS: 0.00361
Exploits: 0

The Hacker News
added 2021/06/07 2:52 p.m., 46 views

Researchers Discover First Known Malware Targeting Windows Containers

Security researchers have discovered the first known malware, dubbed "Siloscape," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher...

AI score: 0.1
Exploits: 0

RedHat Linux
added 2021/06/07 12:29 p.m., 2 views

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 9.8, AI score: 7.3, EPSS: 0.02319
Exploits: 0, References: 4

Positive Technologies
added 2021/06/07 12:0 a.m., 4 views

PT-2024-11163

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the xen-netback component in the Linux kernel, where a reference to the RX task thread needs to be taken to prevent the task from being freed if the thread return...

CVSS: 7.8, AI score: 7.6, EPSS: 0.00235
Exploits: 0, References: 21

Huawei
added 2021/06/02 12:0 a.m., 32 views

Security Advisory - Race Condition Vulnerability in Some Huawei Products

There is a race condition vulnerability in some Huawei products. A timing window exists in which the database can be operated on by another thread that is running concurrently. A successful exploit may cause the affected device to behave abnormally. Vulnerability ID: HWPSIRT-2020-05257 This vulnerabili...

CVSS: 5.3, AI score: 5.1, EPSS: 0.00398
Exploits: 0, Affected Software: 1

OSV
added 2021/06/01 3:52 p.m., 2 views

OPENSUSE-SU-2021:0822-1 Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly

This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues: gstreamer was updated to version 1.16.3 bsc1181255:
- delay creation of threadpools
- bin: Fix deep-element-removed log message
- buffer: fix meta...

CVSS: 9.8, AI score: 9.8, EPSS: 0.02377
Exploits: 0, References: 3

RedhatCVE
added 2021/05/27 11:10 p.m., 99 views

CVE-2021-33574

The mq_notify function in the GNU C Library (aka glibc) has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact...

CVSS: 9.8, AI score: 3.2, EPSS: 0.02898
Exploits: 1, References: 3