70 matches found
USN-5683-1: Linux kernel (IBM) vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Selim En...
USN-5682-1: Linux kernel (AWS) vulnerabilities
It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2...
USN-5678-1: Linux kernel vulnerabilities
It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...
USN-5624-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-kvm, linux-lowlatency vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...
USN-5624-1: Linux kernel vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...
CVE-2020-11175
u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in...
Design/Logic Flaw
u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in...
CVE-2020-11175
u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in...
CVE-2020-11175
The CVE-2020-11175 entry describes a use-after-free vulnerability in the Bluetooth transport driver where a method may be invoked on an object after it has been deleted due to improper timer handling. Affected products include Qualcomm/closed-source components for Snapdragon platforms (e.g., Snap...
kernel: use-after-free in sound/core/timer.c
A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct sndtimerinstance function fails the timer-maxinstances check leading to an invalid address. This could lead to a use-after-free vulnerability...
CVE-2011-2807
CVE-2011-2807 concerns WebKit in Google Chrome prior to Blink M13, caused by an incorrect handling of timer information in Timer.cpp. The vulnerability affects the timer logic within WebKit used by Chrome, with the NVD entry noting an impact on availability (PARTIAL) and no confidentiality/integr...
UBUNTU-CVE-2018-17468
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page...
CVE-2018-17468
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page...
CVE-2018-17468
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)
The remote OracleVM system is missing necessary patches to address critical security updates : - dm: fix race between dmgetfromkobject and dmdestroy Hou Tao CVE-2017-18203 - drm: udl: Properly check framebuffer mmap offsets Greg Kroah-Hartman Orabug: 27986407 CVE-2018-8781 - kernel/exit.c: avoid...
CVE-2018-4123
CVE-2018-4123 affects Apple iOS before 11.3, specifically the Clock component’s alarm/timer handling. The issue is an information-disclosure vulnerability that could allow a physically proximate attacker to obtain the iTunes email address. The root cause is described as an information-disclosure ...
Ubuntu 12.04 LTS : linux vulnerabilities (USN-3021-1)
Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service system crash. CVE-2016-3951 Kangji...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3018-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3018-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3016-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3016-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...
USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities
Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...