Category Archives: Advisories

CVE-2021-0943

Read Time:14 Second

In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238916921

Read More

CVE-2021-0697

Read Time:14 Second

In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible user after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238918403

Read More

CVE-2021-0871

Read Time:16 Second

In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238921253

Read More

CVE-2021-0942

Read Time:36 Second

The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think i seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel.Product: AndroidVersions: Android SoCAndroid ID: A-238904312

Read More

samba-4.17.0-1.fc38

Read Time:29 Second

FEDORA-2022-a457400fcd

Packages in this update:

samba-4.17.0-1.fc38

Update description:

Automatic update for samba-4.17.0-1.fc38.

Changelog

* Tue Sep 13 2022 Andreas Schneider <asn@redhat.com> – 4.17.0-1
– resolves: rhbz#2118818 – Update to version 4.17.0
– resolves: rhbz#2121138 – Fix CVE-2022-32743
– resolves: rhbz#2122650 – Fix CVE-2022-1615
* Tue Sep 13 2022 Andreas Schneider <asn@redhat.com> – 4.17.0-0.11.rc5
– resolves: rhbz#2093656 – Split out libnetapi(-devel) sub-packages
– resolves: rhbz#2096405 – Add samba-usershare package

Read More

CVE-2022-1602

Read Time:15 Second

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.

Read More