The complexity of modern information systems relies on a large number of applications that are necessary for the proper functioning of any company. So the task of keeping up with the threats is quite difficult. Updating systems is a basic task and has a great effect. But to do this, you need to know which vulnerabilities and threats might affect your business and properly decide how to prioritize the investment in Information Security.
We are always ready to help you in an efficient and reliable way.
In addition to the Vulnerability and Threat Intelligence service, we also provide access to the vulnerabilities discovered by Allele Security Intelligence’s research team through our Security Research service. We conduct research constantly and especially in applications that are essential for various types of industry. Your company will stay up to date with the latest vulnerabilities and threats that may affect your business.
Always being steps ahead
see Our latest security alerts
For all security alerts issued, click here.
- ASA-2020-00051 – Linux kernel: vsyscall page refcounting errorget_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
- ASA-2020-00050 – Linux kernel: Use-after-free vulnerability in cgroup BPF componentThe Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch.
- ASA-2020-00049 – Linux kernel: Kernel stack information leak on s390/s390x platformIn function cmm_timeout_hander in file arch/s390/mm/cmm.c, there is a logic error which set null byte too far away from user input which means user input won’t be null terminated. And then, kernel stack data will be concatenated with user input and be processed. By querying the result, attacker is able to see the kernel data. This is linux kernel stack information leak on s390/s390x (and it is actual both for s390, ppc64 and ppc64le platforms).
- ASA-2020-00048 – WhatsApp: A stack write overflow could have allowed arbitrary code execution when playing a specially crafted push to talk messageA stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.
- ASA-2020-00047 – WhatsApp: A user controlled parameter used in video call could have allowed an out-of-bounds write on 32-bit devicesA user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices.