| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while processing control commands in the virtual memory management interface. |
| In the Linux kernel, the following vulnerability has been resolved:
ksmbd: prevent out-of-bounds stream writes by validating *pos
ksmbd_vfs_stream_write() did not validate whether the write offset
(*pos) was within the bounds of the existing stream data length (v_len).
If *pos was greater than or equal to v_len, this could lead to an
out-of-bounds memory write.
This patch adds a check to ensure *pos is less than v_len before
proceeding. If the condition fails, -EINVAL is returned. |
| Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request. |
| Memory corruption while processing camera platform driver IOCTL calls. |
| Memory corruption during PlayReady APP usecase while processing TA commands. |
| Memory corruption while processing a malformed license file during reboot. |
| Memory corruption while performing SCM call. |
| Memory corruption while performing SCM call with malformed inputs. |
| Memory corruption while processing escape commands from userspace. |
| Memory corruption while processing IOCTL call to get the mapping. |
| memory corruption while processing an image encoding completion event. |
| Memory corruption while processing an escape call. |
| Memory corruption while processing user buffers. |
| Memory corruption while allocating buffers in DSP service. |
| Memory corruption while invoking remote procedure IOCTL calls. |
| A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges). |
| A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is
not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS). |
| A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. |
| A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. |
| A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. |
