On Qualcomm Adreno/KGSL builds where CONFIG_QCOM_KGSL_USE_SHMEM is not set (or on older KGSL versions without CONFIG_QCOM_KGSL_USE_SHMEM), KGSL allocates GPU-shared memory from its own page pool. Pages from this pool are inserted into VMAs that don't have any weird flags like VM_PFNMAP set, which means userspace can grab extra references to these pages through get_user_pages() (for example, using vmsplice()). But when GPU-shared memory is freed, KGSL puts the freed pages into its own page pool without checking the page refcount. This means that pages that are still accessible from userspace can be reallocated as GPU memory by another process.
912899972d766ddbe72f5a9e3255c982b1f4d47a09b7d4e6f29f8440583aa47cQualcomm Adreno/KGSL suffers from an unchecked cast of vma->vm_file->private_data in kgsl_setup_dmabuf_useraddr().
607fa965d699b8530e3007ef7ceaca726a5ef18f66dd831e4ec632ad32adcccdDebian Linux Security Advisory 5417-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.
0562c60082b5ec1e7ee72e0195d29f8e00ba947650e8adc9a2c11de5a7962712Ubuntu Security Notice 6126-1 - It was discovered that libvirt incorrectly handled the nwfilter driver. A local attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. It was discovered that libvirt incorrectly handled queries for the SR-IOV PCI device capabilities. A local attacker could possibly use this issue to cause libvirt to consume resources, leading to a denial of service.
2428d114b29a7635b37b13ee27f71b288c04d0ac2bcc0c3a7183642ad95f19a5Ubuntu Security Notice 6125-1 - It was discovered that the snap sandbox did not restrict the use of the ioctl system call with a TIOCLINUX request. This could be exploited by a malicious snap to inject commands into the controlling terminal which would then be executed outside of the snap sandbox once the snap had exited. This could allow an attacker to execute arbitrary commands outside of the confined snap sandbox. Note: graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
d6142a389581e8b71a5a65e1482602c8af57348635d8d99ec858bde8d3b1e346Ubuntu Security Notice 6117-1 - It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. It was discovered that Apache Batik allowed running untrusted Java code from an SVG. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
85f995d8dc3d6d133b2736ab20338129d78bc3c4ade7134e041730d468f2bdafUbuntu Security Notice 6124-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.
488019825a52767118c79091984feba06bc2c22c68ba9d70b20568ab55b6c89dUbuntu Security Notice 6123-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.
df56b82df331c1c081d299856c697c2da2c9d8d15ef5390e9143271062bfb935Ubuntu Security Notice 6122-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service.
51a33415dee579f2b782939c106a8c659dc31555dd7bd93f6d39ada9404463dcDebian Linux Security Advisory 5416-1 - It was discovered that there was a potential buffer overflow and denial of service vulnerability in the gdhcp client implementation of connman, a command-line network manager designed for use on embedded devices.
7dbf7e97f99140abb635636b004d03b6f4fef684070ce1693f9fa9f7dfcfe707WordPress ReviewX plugin versions 1.6.13 and below suffer from a privilege escalation vulnerability.
1c2eca8ad1720a71bcac303fcf5dc619660f13c02ebb872e57cb73b4594ef46fLost and Found Information System version 1.0 allows a staff level user to adjust administrative controls.
7400ab6049de4dddfcdfd454ab83d447a594ba9c2bffab3956a8231dd11a7b29Microsoft GamingServicesNet version 12.77.3001.0 suffers from an unquoted service path vulnerability.
f646d15b94eb25a9e33e9b98a5da9499fcc1db0453cea3b315f41964952474a9Apple Zeed ALL YOUR STYLE CMS version 2.0 suffers from a remote SQL injection vulnerability.
b2b4efdf6407c97da1fd4879b1060ceb3e8610f81ecf9ca9405dfa82f22caab8Vaskar Courier version 3.2.0 appears to leave default credentials installed after installation.
05544a17c90ad511b085197b405bbd4110682256b8d689ce8540a01ad27dbc84
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed