CVE-2020-36526

CVE-2020-36526 affects Countdown Timer (widget for Confluence) via the Macro Handler, enabling remote cross-site scripting. Connected sources identify a concrete instance: Countdown Timer version 1.7.0 is vulnerable; exploitation is remote and user interaction is required per the CVE description ...

kernel security and bug fix update

3.10.0-1160.66.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64 = 15-2.0.9 - Update oraclekernel-sig-key...

GSD-2022-1002071 tipc: fix the timer expires after interval 100ms

tipc: fix the timer expires after interval 100ms This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...

GSD-2022-1002025 rxrpc: Fix call timer start racing with call destruction

rxrpc: Fix call timer start racing with call destruction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...

GSD-2022-1001819 tipc: fix the timer expires after interval 100ms

tipc: fix the timer expires after interval 100ms This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...

GSD-2022-1001752 rxrpc: Fix call timer start racing with call destruction

rxrpc: Fix call timer start racing with call destruction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...

GSD-2022-1001507 tipc: fix the timer expires after interval 100ms

tipc: fix the timer expires after interval 100ms This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

GSD-2022-1001432 rxrpc: Fix call timer start racing with call destruction

rxrpc: Fix call timer start racing with call destruction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

GSD-2022-1001188 tipc: fix the timer expires after interval 100ms

tipc: fix the timer expires after interval 100ms This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...

GSD-2022-1001107 rxrpc: Fix call timer start racing with call destruction

rxrpc: Fix call timer start racing with call destruction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...

CLSA-2022-1650576075 Fix of 13 CVEs

CKSIX-267: USB: hso: Fix OOB memory access in hsoprobe/hsogetconfigdata - CKSIX-267: CVE-2019-14615: drm/i915/gen9: Clear residual context state on context switch - CKSIX-267: CVE-2020-8647, CVE-2020-8649: vgacon: Fix a UAF in vgaconinvertregion - CKSIX-267: CVE-2020-14331: vgacon: Fix for...

CVE-2021-35103

Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and...

CVE-2021-35103

CVE-2021-35103 is a Qualcomm/Snapdragon timer synchronization flaw where an improper validation of the number of timer values from firmware allows a local out-of-bounds write. Affected products span Qualcomm Snapdragon families (Auto, Compute, Connectivity, Industrial IOT, Mobile, Wearables, Wire...

CVE-2021-35103

Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and...

PT-2022-10422 · Qualcomm · Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to a possible out of bound write due to improper validation of the number of timer values received from firmware while syncing timers. This affects various...

Linux kernel 代码问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel that stems from a null pointer dereference and reuse-after-release vulnerability in net/ax25/ax25timer.c. The vulnerabilit...

Qualcomm 芯片缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time are manufactured on the surface of semiconductor wafers. A security vulnerability exists in a number of Qualcomm products...

GSD-2022-1000610 KVM: LAPIC: Also cancel preemption timer during SET_LAPIC

KVM: LAPIC: Also cancel preemption timer during SETLAPIC This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.5 by commit...

GSD-2022-1000247 KVM: LAPIC: Also cancel preemption timer during SET_LAPIC

KVM: LAPIC: Also cancel preemption timer during SETLAPIC This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.19 by commit...

PT-2022-7500 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.0 Description: The issue is related to a crash in the Linux kernel's BPF Berkeley Packet Filter component when both bpf spin lock and bpf timer are present in a BPF map value. The copy map value function do...