In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android SoC
Android ID: A-238918403
Category Archives: Advisories
CVE-2021-0871
In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android SoC
Android ID: A-238921253
CVE-2021-0942
The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:
    sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);
With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct, I think it seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel.
Product: Android
Versions: Android SoC
Android ID: A-238904312
samba-4.17.0-1.fc38
FEDORA-2022-a457400fcd
Packages in this update:
samba-4.17.0-1.fc38
Update description:
Automatic update for samba-4.17.0-1.fc38.
Changelog
* Tue Sep 13 2022 Andreas Schneider <asn@redhat.com> - 4.17.0-1
- resolves: rhbz#2118818 - Update to version 4.17.0
- resolves: rhbz#2121138 - Fix CVE-2022-32743
- resolves: rhbz#2122650 - Fix CVE-2022-1615
* Tue Sep 13 2022 Andreas Schneider <asn@redhat.com> - 4.17.0-0.11.rc5
- resolves: rhbz#2093656 - Split out libnetapi(-devel) sub-packages
- resolves: rhbz#2096405 - Add samba-usershare package
libdwarf-0.4.2-1.fc37
FEDORA-2022-273a86adf0
Packages in this update:
libdwarf-0.4.2-1.fc37
Update description:
Update to latest upstream release
CVE-2022-1602
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.
CVE-2022-1278
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
mingw-poppler-21.08.0-2.fc35
FEDORA-2022-51b27699ce
Packages in this update:
mingw-poppler-21.08.0-2.fc35
Update description:
Backport fix for CVE-2022-38784.
mingw-poppler-22.01.0-7.fc36
FEDORA-2022-f7b375eae8
Packages in this update:
mingw-poppler-22.01.0-7.fc36
Update description:
Backport fix for CVE-2022-38784.
python3-docs-3.11.0~rc2-1.fc37 python3.11-3.11.0~rc2-1.fc37
FEDORA-2022-72213986b8
Packages in this update:
python3.11-3.11.0~rc2-1.fc37
python3-docs-3.11.0~rc2-1.fc37
Update description:
Update Python to 3.11.0rc2. Contains security fix for CVE-2020-10735 and other bugfixes, see https://docs.python.org/3.11/whatsnew/changelog.html#python-3-11-0-release-candidate-2