The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think i seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel.Product: AndroidVersions: Android SoCAndroid ID: A-238904312
Category Archives: Advisories
samba-4.17.0-1.fc38
FEDORA-2022-a457400fcd
Packages in this update:
samba-4.17.0-1.fc38
Update description:
Automatic update for samba-4.17.0-1.fc38.
Changelog
* Tue Sep 13 2022 Andreas Schneider <asn@redhat.com> – 4.17.0-1
– resolves: rhbz#2118818 – Update to version 4.17.0
– resolves: rhbz#2121138 – Fix CVE-2022-32743
– resolves: rhbz#2122650 – Fix CVE-2022-1615
* Tue Sep 13 2022 Andreas Schneider <asn@redhat.com> – 4.17.0-0.11.rc5
– resolves: rhbz#2093656 – Split out libnetapi(-devel) sub-packages
– resolves: rhbz#2096405 – Add samba-usershare package
libdwarf-0.4.2-1.fc37
FEDORA-2022-273a86adf0
Packages in this update:
libdwarf-0.4.2-1.fc37
Update description:
Update to latest upstream release
CVE-2022-1602
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.
CVE-2022-1278
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
mingw-poppler-21.08.0-2.fc35
FEDORA-2022-51b27699ce
Packages in this update:
mingw-poppler-21.08.0-2.fc35
Update description:
Backport fix for CVE-2022-38784.
mingw-poppler-22.01.0-7.fc36
FEDORA-2022-f7b375eae8
Packages in this update:
mingw-poppler-22.01.0-7.fc36
Update description:
Backport fix for CVE-2022-38784.
python3-docs-3.11.0~rc2-1.fc37 python3.11-3.11.0~rc2-1.fc37
FEDORA-2022-72213986b8
Packages in this update:
python3.11-3.11.0~rc2-1.fc37
python3-docs-3.11.0~rc2-1.fc37
Update description:
Update Python to 3.11.0rc2. Contains security fix for CVE-2020-10735 and other bugfixes, see https://docs.python.org/3.11/whatsnew/changelog.html#python-3-11-0-release-candidate-2
python3.9-3.9.14-1.fc35
FEDORA-2022-f511f8f58b
Packages in this update:
python3.9-3.9.14-1.fc35
Update description:
Update to 3.8.14
Contains security fixes for CVE-2020-10735, CVE-2021-28861
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
Safari is a graphical web browser developed by Apple.
macOS Monterey is the 18th and current major release of macOS.
macOS Big Sur is the 17th release of macOS.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.