20 matches found
CBL Mariner 2.0 Security Update: kernel (CVE-2024-58034)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-58034 advisory. - In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node...
CVE-2024-44932
In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf frees interrupt vectors with...
CVE-2024-44932
In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf frees interrupt vectors with...
CVE-2024-44932 idpf: fix UAFs when destroying the queues
In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf frees interrupt vectors with...
CVE-2024-44932
In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf frees interrupt vectors with...
CVE-2024-44932
CVE-2024-44932 affects the Linux kernel idpf subsystem. The MiracleLinux advisory documents a fix for use-after-free (UAF) conditions that occurred when destroying idpf queues and their associated interrupt vectors; the patch sequence reordered allocation/freeing so queues and vectors are allocat...
CVE-2024-44932 idpf: fix UAFs when destroying the queues
In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf frees interrupt vectors with...
CVE-2024-44932 idpf: fix UAFs when destroying the queues
In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf frees interrupt vectors with...
CVE-2023-52913
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, at which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that nothing uses the ctx ptr aft...
CVE-2023-52913
CVE-2023-52913 affects the Linux kernel’s drm/i915 component, where gem_context_register() exposes a GEM context to userspace and a later code path allows a separate thread to trigger I915_GEM_CONTEXT_DESTROY. The root cause is using the ctx pointer after context destruction and not making the ctx ...
CVE-2023-52913 drm/i915: Fix potential context UAFs
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, at which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that nothing uses the ctx ptr aft...
CVE-2023-52913 drm/i915: Fix potential context UAFs
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, at which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that nothing uses the ctx ptr aft...
CVE-2021-47517 ethtool: do not perform operations on net devices being unregistered
In the Linux kernel, the following vulnerability has been resolved: ethtool: do not perform operations on net devices being unregistered There is a short period between when a net device starts to be unregistered and when it is actually gone. In that time frame ethtool operations could still be...
CVE-2021-47517
CVE-2021-47517 affects the Linux kernel’s ethtool handling: during net-device unregistration a reference to the device can be used, enabling operations after unregister begins. The fix moves the operation into an rtnl-locked path on the netlink side so the net device won’t be found post-unregiste...
uafs.edu Cross Site Scripting vulnerability OBB-3398680
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GSD-2023-1002019 drm/i915: Fix potential context UAFs
drm/i915: Fix potential context UAFs This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit b696c627b3f56e173f7f70b8487d66da8ff22506, ...
curl: Race condition with CURL_LOCK_DATA_CONNECT can cause connections to be used at the same time
Summary: We've seen race conditions when using CURL_LOCK_DATA_CONNECT in libcurl where sometimes two different threads using two different easy handles end up sharing the same connection pointer at the same time. This causes UAFs and double frees when both threads are freeing items on the same...
MacOS/iOS multiple kernel UAFs due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient (CVE-2017-13847)
IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientClose method but it treats it like a destructor. IOUserClient::clientClose is not a destructor and plays no role in the...
Apple macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientClose method but it treats it like a destructor...
Internet Bug Bounty: Multiple use after frees in obj2ast_* methods
Multiple UAFs in Python AST API. link to bugtracker...