USN-6009-1: Linux kernel (GCP) vulnerabilities

2023-04-12 KENNETH 0

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. [ more… ]

USN-6007-1: Linux kernel (GCP) vulnerabilities

2023-04-12 KENNETH 0

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this [ more… ]

USN-6006-1: .NET vulnerability

2023-04-12 KENNETH 0

It was discovered that .NET did not properly manage dll files. An attacker could potentially use this issue to execute arbitrary code. Source: USN-6006-1: .NET vulnerability

USN-6008-1: Exo vulnerability

2023-04-12 KENNETH 0

It was discovered that Exo did not properly sanitize desktop files. A remote attacker could possibly use this issue to cause a crash or arbitrary code execution. Source: USN-6008-1: Exo vulnerability

Update to Windows Subsystem for Android™ on Windows 11 (April 2023)

2023-04-12 KENNETH 0

Today we are shipping an update (2303.40000.3.0) for Windows Subsystem for Android™ on Windows 11 to all Windows Insider channels. This update will improve reliability, security and enable picture-in-picture (PIP).

Picture-in-picture

For apps that use the Android PIP feature, the subsystem now supports this behavior. With the flexibility of having apps in windowed mode and all of the great Windows resize and snap features, this makes multitasking within Android apps even easier.

What’s New

- Picture-in-picture mode supported
- A new “Partially running” system setting added to WSA Settings app, which runs the subsystem with minimal resources but apps launch quicker than “As needed” mode
- Linux kernel updated to 5.15.78
- Improvements to platform reliability
- Android 13 security updates

Giving feedback

If you are having issues with Windows Subsystem for Android™ – please [ more… ]