#ios

An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.

An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.

An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux).

Categories: News Tags: fake Chrome update Tags: AirBnb scam Tags: fake IRS tax email Tags: Ransomware in Germany report Tags: Living Off The Land Tags: LOTL attack Tags: ALPHV ransomware Tags: ransomware Tags: spring cleaning your browser Tags: lost injured dog Facebook hoax Tags: Facebook hoax Tags: swatting-as-aservice Tags: LockBit ransomware Tags: Instagram scam Tags: Domino Backdoor Tags: Malwarebytes Admin Tags: Fancy Bear Tags: tech support scam Tags: QBot Tags: Chrome zero-day Tags: Facebook Tags: Cambridge Analytica settlement claim The most interesting security related news from the week of April 17 - 23. (Read more...) The post A week in security (April 17 - 23) appeared first on Malwarebytes Labs.

Apple thwarts NSO’s spyware, the rise of a GPT-4 black market, Russia targets Starlink internet connections, and more.

NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.

Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior to 1.3 users can run command on the host machine with sudoer permission. The `!ping` command when provided with an IP or hostname used to run a bash `ping <IP>` without verification that the IP or hostname was legitimate. This command was executed with root permissions and may lead to arbitrary command injection on the host server. Users are advised to upgrade. There are no known workarounds for this vulnerability.

While Intel is building more hardware protections directly into the chips, enterprises still need a strategy for applying security updates on these components.

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)