VYPR

security-research

by Google

CVEs (3)

  • CVE-2023-6562HigDec 20, 2023
    risk 0.49cvss 7.5epss 0.01

    JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the attacker.

  • CVE-2022-2503MedAug 12, 2022
    risk 0.45cvss 6.9epss 0.00

    Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an…

  • CVE-2023-0045MedApr 25, 2023
    risk 0.31cvss 4.7epss 0.02

    The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is…