SUSE CVE-2021-26372

Insufficient bound checks related to PCIE in the System Management Unit SMU may result in access to an invalid address space that could result in denial of service...

SUSE CVE-2021-26375

Insufficient General Purpose IO GPIO bounds check in System Management Unit SMU may result in access/updates from/to invalid address space that could result in denial of service...

SUSE CVE-2021-26376

Insufficient checks in System Management Unit SMU FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service...

SUSE CVE-2021-26378

Insufficient bound checks in the System Management Unit SMU may result in access to an invalid address space that could result in denial of service...

SUSE CVE-2021-27138

The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT...

SUSE CVE-2021-28692

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...

SUSE CVE-2021-33910

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value involving strdupa and alloca for a pathname controlled by a local attacker that results in an operating system crash...

SUSE CVE-2022-26363

x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...

SUSE CVE-2022-38228

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc...

SUSE CVE-2023-0699

Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. Chromium security severity: Medium...

CVE-2022-32954

An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...

CVE-2022-32478

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

The vulnerability of the System Management Unit (SMU) component of AMD processors allows a hacker to trigger a service failure.

The vulnerability of the System Management Unit SMU component of AMD processors arises from operations that occur outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of the System Management Unit (SMU) component of AMD processors allows a hacker to trigger a service failure.

The vulnerability of the System Management Unit SMU component of AMD processors arises from operations that occur outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of the System Management Unit (SMU) component of AMD processors allows attackers to disclose protected information.

The vulnerability of the System Management Unit SMU component of AMD processors exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

Qualcomm 芯片缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and often fabricated on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip gpu driver, which stems from...

APsystems Energy Communication Unit 操作系统命令注入漏洞

The APsystems Energy Communication Unit APsystems ECU-R is an energy communication unit from APsystems USA. An operating system command injection vulnerability exists in APSystems ECU-R version 5203. An attacker could exploit this vulnerability to execute arbitrary commands as root using the...

UBUNTU-CVE-2023-0699

Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. Chromium security severity: Medium...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in versions prior to Google Chrome 110.0.5481.77 that originates from reuse after release in the GPU. An attacker exploits the vulnerability to cause heap corruption via specially crafted HTML...

MediaTek 芯片安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in the MediaTek chip ccu, which arises from a competitive condition with possible memory corruption...