CVE-2024-26622 tomoyo: fix UAF write bug in tomoyo_write_control()

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyowritecontrol Since tomoyowritecontrol updates head-writebuf when write of long lines is requested, we need to fetch head-writebuf after head-iosem is held. Otherwise, concurrent write requests c...

CVE-2024-26622 tomoyo: fix UAF write bug in tomoyo_write_control()

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyowritecontrol Since tomoyowritecontrol updates head-writebuf when write of long lines is requested, we need to fetch head-writebuf after head-iosem is held. Otherwise, concurrent write requests c...

CVE-2024-26622

CVE-2024-26622 affects the Linux kernel’s tomoyo subsystem. The issue is a use-after-free/write-after-free in tomoyo_write_control() when long lines are written. The root cause is that head->write_buf must be fetched after head->io_sem is held; otherwise concurrent write() calls can trigger...

CVE-2024-26622

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyowritecontrol Since tomoyowritecontrol updates head-writebuf when write of long lines is requested, we need to fetch head-writebuf after head-iosem is held. Otherwise, concurrent write requests c...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds write problem...

Exploit for Link Following in Microsoft

CVE-2023-29343 This is PoC for arbitrary file write bug in Sy...

CVE-2023-32696 Excessive permissions for ckan user

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...

SUSE CVE-2020-0110

In psiwrite of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

SUSE CVE-2021-0961

In quotaprocwrite of xtquota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

SUSE CVE-2022-23560

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

CVE-2022-42542

In phNxpNciHalcoreinitialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

DEBIAN-CVE-2022-46343

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution f...

GSD-2022-1008299 udf: Fix a slab-out-of-bounds write bug in udf_find_entry()

udf: Fix a slab-out-of-bounds write bug in udffindentry This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.300 by commit...

GSD-2022-1007934 udf: Fix a slab-out-of-bounds write bug in udf_find_entry()

udf: Fix a slab-out-of-bounds write bug in udffindentry This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.79 by commit...

OESA-2022-2059 qt5-qtbase security update

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. Security Fixes: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and...

OESA-2022-1719 e2fsprogs security update

The e2fsprogs package consists of a lot of tools for users to create, check, modify, and correct any inconsistencies in second extended file system. Security Fixes: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly...

AZL-9596 CVE-2022-29968 affecting package kernel for versions less than 5.15.37.1-2

An issue was discovered in the Linux kernel through 5.17.5. iorwinitfile in fs/iouring.c lacks initialization of kiocb-private...

kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c

An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled durig mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability...

DEBIAN-CVE-2020-25085

QEMU 5.0.0 has a heap-based Buffer Overflow in flatviewreadcontinue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHCBLKSIZE case...

CVE-2020-3765

Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution...