๐จ CVE-2021-47017
In the Linux kernel, the following vulnerability has been resolved:
ath10k: Fix a use after free in ath10k_htc_send_bundle
In ath10k_htc_send_bundle, the bundle_skb could be freed by
dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later
by bundle_skb->len.
As skb_len = bundle_skb->len, my patch replaces bundle_skb->len to
skb_len after the bundle_skb was freed.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ath10k: Fix a use after free in ath10k_htc_send_bundle
In ath10k_htc_send_bundle, the bundle_skb could be freed by
dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later
by bundle_skb->len.
As skb_len = bundle_skb->len, my patch replaces bundle_skb->len to
skb_len after the bundle_skb was freed.
๐@cveNotify
๐จ CVE-2021-47021
In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7915: fix memleak when mt7915_unregister_device()
mt7915_tx_token_put() should get call before mt76_free_pending_txwi().
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7915: fix memleak when mt7915_unregister_device()
mt7915_tx_token_put() should get call before mt76_free_pending_txwi().
๐@cveNotify
๐จ CVE-2023-52715
The SystemUI module has a vulnerability in permission management.
Impact: Successful exploitation of this vulnerability may affect availability.
๐@cveNotify
The SystemUI module has a vulnerability in permission management.
Impact: Successful exploitation of this vulnerability may affect availability.
๐@cveNotify
๐จ CVE-2024-30417
Path traversal vulnerability in the Bluetooth-based sharing module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Path traversal vulnerability in the Bluetooth-based sharing module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
๐จ CVE-2023-52359
Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module.
Impact: Successful exploitation of this vulnerability will affect availability.
๐@cveNotify
Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module.
Impact: Successful exploitation of this vulnerability will affect availability.
๐@cveNotify
Huawei
HUAWEI EMUI security updates March 2024
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.
๐จ CVE-2023-28386
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.
๐@cveNotify
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.
๐@cveNotify
๐จ CVE-2023-28649
The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.
๐@cveNotify
The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.
๐@cveNotify
๐จ CVE-2023-31240
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.
๐@cveNotify
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.
๐@cveNotify
๐จ CVE-2023-31241
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
๐@cveNotify
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
๐@cveNotify
๐จ CVE-2023-42853
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
๐@cveNotify
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
๐จ CVE-2021-47002
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix null pointer dereference in svc_rqst_free()
When alloc_pages_node() returns null in svc_rqst_alloc(), the
null rq_scratch_page pointer will be dereferenced when calling
put_page() in svc_rqst_free(). Fix it by adding a null check.
Addresses-Coverity: ("Dereference after null check")
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix null pointer dereference in svc_rqst_free()
When alloc_pages_node() returns null in svc_rqst_alloc(), the
null rq_scratch_page pointer will be dereferenced when calling
put_page() in svc_rqst_free(). Fix it by adding a null check.
Addresses-Coverity: ("Dereference after null check")
๐@cveNotify
๐จ CVE-2021-47046
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix off by one in hdmi_14_process_transaction()
The hdcp_i2c_offsets[] array did not have an entry for
HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one
read overflow. I added an entry and copied the 0x0 value for the offset
from similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.
I also declared several of these arrays as having HDCP_MESSAGE_ID_MAX
entries. This doesn't change the code, but it's just a belt and
suspenders approach to try future proof the code.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix off by one in hdmi_14_process_transaction()
The hdcp_i2c_offsets[] array did not have an entry for
HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one
read overflow. I added an entry and copied the 0x0 value for the offset
from similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.
I also declared several of these arrays as having HDCP_MESSAGE_ID_MAX
entries. This doesn't change the code, but it's just a belt and
suspenders approach to try future proof the code.
๐@cveNotify
๐จ CVE-2021-47048
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op
When handling op->addr, it is using the buffer "tmpbuf" which has been
freed. This will trigger a use-after-free KASAN warning. Let's use
temporary variables to store op->addr.val and op->cmd.opcode to fix
this issue.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op
When handling op->addr, it is using the buffer "tmpbuf" which has been
freed. This will trigger a use-after-free KASAN warning. Let's use
temporary variables to store op->addr.val and op->cmd.opcode to fix
this issue.
๐@cveNotify
๐จ CVE-2021-47049
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Use after free in __vmbus_open()
The "open_info" variable is added to the &vmbus_connection.chn_msg_list,
but the error handling frees "open_info" without removing it from the
list. This will result in a use after free. First remove it from the
list, and then free it.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Use after free in __vmbus_open()
The "open_info" variable is added to the &vmbus_connection.chn_msg_list,
but the error handling frees "open_info" without removing it from the
list. This will result in a use after free. First remove it from the
list, and then free it.
๐@cveNotify
๐จ CVE-2021-47050
In the Linux kernel, the following vulnerability has been resolved:
memory: renesas-rpc-if: fix possible NULL pointer dereference of resource
The platform_get_resource_byname() can return NULL which would be
immediately dereferenced by resource_size(). Instead dereference it
after validating the resource.
Addresses-Coverity: Dereference null return value
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
memory: renesas-rpc-if: fix possible NULL pointer dereference of resource
The platform_get_resource_byname() can return NULL which would be
immediately dereferenced by resource_size(). Instead dereference it
after validating the resource.
Addresses-Coverity: Dereference null return value
๐@cveNotify
๐จ CVE-2021-47051
In the Linux kernel, the following vulnerability has been resolved:
spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
๐@cveNotify
๐จ CVE-2021-47052
In the Linux kernel, the following vulnerability has been resolved:
crypto: sa2ul - Fix memory leak of rxd
There are two error return paths that are not freeing rxd and causing
memory leaks. Fix these.
Addresses-Coverity: ("Resource leak")
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
crypto: sa2ul - Fix memory leak of rxd
There are two error return paths that are not freeing rxd and causing
memory leaks. Fix these.
Addresses-Coverity: ("Resource leak")
๐@cveNotify
๐จ CVE-2021-47053
In the Linux kernel, the following vulnerability has been resolved:
crypto: sun8i-ss - Fix memory leak of pad
It appears there are several failure return paths that don't seem
to be free'ing pad. Fix these.
Addresses-Coverity: ("Resource leak")
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
crypto: sun8i-ss - Fix memory leak of pad
It appears there are several failure return paths that don't seem
to be free'ing pad. Fix these.
Addresses-Coverity: ("Resource leak")
๐@cveNotify
๐จ CVE-2023-52475
In the Linux kernel, the following vulnerability has been resolved:
Input: powermate - fix use-after-free in powermate_config_complete
syzbot has found a use-after-free bug [1] in the powermate driver. This
happens when the device is disconnected, which leads to a memory free from
the powermate_device struct. When an asynchronous control message
completes after the kfree and its callback is invoked, the lock does not
exist anymore and hence the bug.
Use usb_kill_urb() on pm->config to cancel any in-progress requests upon
device disconnection.
[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
Input: powermate - fix use-after-free in powermate_config_complete
syzbot has found a use-after-free bug [1] in the powermate driver. This
happens when the device is disconnected, which leads to a memory free from
the powermate_device struct. When an asynchronous control message
completes after the kfree and its callback is invoked, the lock does not
exist anymore and hence the bug.
Use usb_kill_urb() on pm->config to cancel any in-progress requests upon
device disconnection.
[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e
๐@cveNotify
๐จ CVE-2023-34600
Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.
๐@cveNotify
Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.
๐@cveNotify
GitHub
Adiscon/README.md at main ยท costacoco/Adiscon
CVE-2023-34600. Contribute to costacoco/Adiscon development by creating an account on GitHub.
๐จ CVE-2023-2400
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
๐@cveNotify
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
๐@cveNotify
Devolutions
Devolutions