Lucene search

687 matches found

Positive Technologies
added 2022/11/14 12:0 a.m. · 4 views

PT-2022-35572 · Xen +1 · Xen/Gntdev +1

Name of the Vulnerable Software and Affected Versions: xen/gntdev versions prior to v5.10.152. Description: The issue is related to VMA splitting in xen/gntdev. It was introduced in version v2.6.38 and fixed in Linux Kernel version v5.10.152. The actual impact and attack plausibility have not yet...

AI score: 7.1
Exploits: 0 · References: 1

Prion
added 2022/11/10 8:15 p.m. · 13 views

Out-of-bounds

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

CVSS: 4 · AI score: 7.4 · EPSS: 0.00577
Exploits: 0 · References: 2 · Affected Software: 1

RustSec
added 2022/11/10 12:0 p.m. · 21 views

Bug in Wasmtime implementation of pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...

CVSS: 7.4 · AI score: 1 · EPSS: 0.00577
Exploits: 0 · Affected Software: 1

OSV
added 2022/11/10 12:0 p.m. · 50 views

RUSTSEC-2022-0076 Bug in Wasmtime implementation of pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...

CVSS: 7.4 · AI score: 6.4 · EPSS: 0.00577
Exploits: 0 · References: 4

OSV
added 2022/11/10 12:0 a.m. · 24 views

CVE-2022-39392 Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

CVSS: 5.9 · AI score: 7.3 · EPSS: 0.00577
Exploits: 0 · References: 4

RedHat Linux
added 2022/11/08 9:32 a.m. · 1 views

kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...

CVSS: 7.8 · AI score: 6.6 · EPSS: 0.00385
Exploits: 1 · References: 5

OSV
added 2022/09/30 11:4 a.m. · 1 views

OESA-2022-1968 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only...

CVSS: 4.7 · AI score: 6.2 · EPSS: 0.00216
Exploits: 0 · References: 2

Microsoft CVE
added 2022/09/09 7:0 a.m. · 1 views

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap) a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.

...

CVSS: 4.7 · AI score: 7.1 · EPSS: 0.00216
Exploits: 0

OSV
added 2022/09/02 5:15 a.m. · 6 views

AZL-10858 CVE-2022-39188 affecting package kernel for versions less than 5.15.67.1-4

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs...

CVSS: 4.7 · AI score: 6.7 · EPSS: 0.00216
Exploits: 0 · References: 1

OSV
added 2022/09/02 5:15 a.m. · 1 views

DEBIAN-CVE-2022-39188

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs...

CVSS: 4.7 · AI score: 6.3 · EPSS: 0.00216
Exploits: 0 · References: 1

ATTACKERKB
added 2022/09/02 5:15 a.m. · 4 views

CVE-2022-39188

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs...

CVSS: 4.7 · AI score: 6.7 · EPSS: 0.00216
Exploits: 0 · References: 10

CNNVD
added 2022/09/02 12:0 a.m. · 6 views

Linux kernel race condition vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of the Linux kernel prior to 5.19, which stems from its include/asm-generic/tlb.h component due to a contention condition in the cas...

CVSS: 4.7 · AI score: 6.6 · EPSS: 0.00216
Exploits: 0 · References: 32

The Hacker News
added 2022/08/22 1:5 p.m. · 260 views

"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered

Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw CVE-2022-2588 to escalate...

CVSS: 7.8 · AI score: 1.3 · EPSS: 0.89063
Exploits: 107

CNNVD
added 2022/08/19 12:0 a.m. · 3 views

FreeBSD security vulnerability

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD. By exploiting this vulnerability, an attacker can read segments of FreeBSD's memory via outdated virtual memory mappings to obtain sensitive information...

CVSS: 4 · AI score: 5.6 · EPSS: 0.00174
Exploits: 0 · References: 3

Tenable Nessus
added 2022/08/11 12:0 a.m. · 23 views

FreeBSD : FreeBSD -- Memory disclosure by stale virtual memory mapping (02fb9764-1893-11ed-9b22-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 02fb9764-1893-11ed-9b22-002590c1f29c advisory. - A particular case of memory sharing is mishandled in the virtual memory system. This is very similar ...

CVSS: 4 · AI score: 5.6 · EPSS: 0.00174
Exploits: 0 · References: 2

Vulnrichment
added 2022/08/09 8:20 p.m. · 1 views

CVE-2022-20239

'remap_pfn_range' here may map out of size kernel memory, for example, may map the kernel area, and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploited. Product: Android. Versions: Android SoC. Android ID:...

AI score: 8.9 · EPSS: 0.00249
Exploits: 0 · References: 1

FreeBSD
added 2022/08/09 12:0 a.m. · 23 views

FreeBSD -- Memory disclosure by stale virtual memory mapping

Problem Description: A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. Impact: An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read...

CVSS: 4 · AI score: 2.8 · EPSS: 0.00174
Exploits: 0

FreeBSD Advisory
added 2022/08/09 12:0 a.m. · 8 views

FreeBSD-SA-22:11.vm

FreeBSD-SA-22:11.vm Security Advisory, The FreeBSD Project. Topic: Memory disclosure by stale virtual memory mapping. Category: core. Module: vm. Announced: 2022-08-09. Credits:...

CVSS: 4 · AI score: 5.9 · EPSS: 0.00174
Exploits: 0

Citrix
added 2022/07/15 12:0 a.m. · 13 views

STIG V-218773 - Recycling IIS App Pools on Storefront Servers

Address STIG V-218773 compatibility with Citrix Storefront vis a vis of the virtual memory an application pool uses...

AI score: 7.1
Exploits: 0

OSV
added 2022/04/05 1:15 p.m. · 1 views

UBUNTU-CVE-2022-26356

Racy interactions between dirty vram tracking and paging log dirty hypercalls. Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty whil...

CVSS: 5.6 · AI score: 6.7 · EPSS: 0.00232
Exploits: 0 · References: 6