| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed |
| In the Linux kernel, the following vulnerability has been resolved:
vfio/type1: prevent underflow of locked_vm via exec()
When a vfio container is preserved across exec, the task does not change,
but it gets a new mm with locked_vm=0, and loses the count from existing
dma mappings. If the user later unmaps a dma mapping, locked_vm underflows
to a large unsigned value, and a subsequent dma map request fails with
ENOMEM in __account_locked_vm.
To avoid underflow, grab and save the mm at the time a dma is mapped.
Use that mm when adjusting locked_vm, rather than re-acquiring the saved
task's mm, which may have changed. If the saved mm is dead, do nothing.
locked_vm is incremented for existing mappings in a subsequent patch. |
| In the Linux kernel, the following vulnerability has been resolved:
PCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation
When a Linux VM with an assigned PCI device runs on Hyper-V, if the PCI
device driver is not loaded yet (i.e. MSI-X/MSI is not enabled on the
device yet), doing a VM hibernation triggers a panic in
hv_pci_restore_msi_msg() -> msi_lock_descs(&pdev->dev), because
pdev->dev.msi.data is still NULL.
Avoid the panic by checking if MSI-X/MSI is enabled. |
| In the Linux kernel, the following vulnerability has been resolved:
dma-buf/dma-resv: Stop leaking on krealloc() failure
Currently dma_resv_get_fences() will leak the previously
allocated array if the fence iteration got restarted and
the krealloc_array() fails.
Free the old array by hand, and make sure we still clear
the returned *fences so the caller won't end up accessing
freed memory. Some (but not all) of the callers of
dma_resv_get_fences() seem to still trawl through the
array even when dma_resv_get_fences() failed. And let's
zero out *num_fences as well for good measure. |
| In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
A bad USB device is able to construct a service connection response
message with target endpoint being ENDPOINT0 which is reserved for
HTC_CTRL_RSVD_SVC and should not be modified to be used for any other
services.
Reject such service connection responses.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller. |
| In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini
The gmc.ecc_irq is enabled by firmware per IFWI setting,
and the host driver is not privileged to enable/disable
the interrupt. So, it is meaningless to use the amdgpu_irq_put
function in gmc_v10_0_hw_fini, which also leads to the call
trace.
[ 82.340264] Call Trace:
[ 82.340265] <TASK>
[ 82.340269] gmc_v10_0_hw_fini+0x83/0xa0 [amdgpu]
[ 82.340447] gmc_v10_0_suspend+0xe/0x20 [amdgpu]
[ 82.340623] amdgpu_device_ip_suspend_phase2+0x127/0x1c0 [amdgpu]
[ 82.340789] amdgpu_device_ip_suspend+0x3d/0x80 [amdgpu]
[ 82.340955] amdgpu_device_pre_asic_reset+0xdd/0x2b0 [amdgpu]
[ 82.341122] amdgpu_device_gpu_recover.cold+0x4dd/0xbb2 [amdgpu]
[ 82.341359] amdgpu_debugfs_reset_work+0x4c/0x70 [amdgpu]
[ 82.341529] process_one_work+0x21d/0x3f0
[ 82.341535] worker_thread+0x1fa/0x3c0
[ 82.341538] ? process_one_work+0x3f0/0x3f0
[ 82.341540] kthread+0xff/0x130
[ 82.341544] ? kthread_complete_and_exit+0x20/0x20
[ 82.341547] ret_from_fork+0x22/0x30 |
| Permission control vulnerability in the file management module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Identity authentication bypass vulnerability in the Gallery app.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the file management module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the Settings module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Configuration defect vulnerability in the file management module.
Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity. |
| Denial of service (DoS) vulnerability in the office service.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the Notepad module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| DoS vulnerability in the video-related system service module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the Wi-Fi module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the App Lock module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the startup recovery module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| Permission control vulnerability in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection. |
