Articles by KENNETH

USN-5637-1: libvpx vulnerability It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service. Source: USN-5637-1: libvpx vulnerability

USN-5636-1: SoS vulnerability It was discovered that SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. Source: USN-5636-1: SoS vulnerability

USN-5635-1: Linux kernel (GKE) vulnerabilities It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that [ more… ]