project-zero - Project Zero

Last 30 days Apr 11, 2024 issue 2511 (Windows Kernel subkey list use-after-free due) Labels changed by mjurczyk@google.com - Labels: -Restrict-View-Commit Labels: -Restrict-View-Commit Apr 08, 2024 issue 2525 (PowerVR: DevmemIntUnexportCtx destroys export) Labels changed by jannh@google.com - Labels: -Restrict-View-Commit Labels: -Restrict-View-Commit Apr 05, 2024 issue 2528 (Linux >=6.5: read-after-type-change of folio ) Labels changed by jannh@google.com - Labels: -Restrict-View-Commit Labels: -Restrict-View-Commit Apr 03, 2024 issue 2512 (Google Pixel: Memory corruption in MFC H264 p) Labels changed by natashenka@google.com - Labels: -Restrict-View-Commit Labels: -Restrict-View-Commit Apr 02, 2024 issue 2524 (PowerVR: RGXCreateZSBufferKM2 error path free) Labels changed by jannh@google.com - This issue is listed at <https://www.imaginationtech.com/gpu-driver-vulnerabilities/>. Labels: -Restrict-View-Commit This issue is listed at <https://www.imaginationtech.com/gpu-driver-vulnerabilities/>. Labels: -Restrict-View-Commit Mar 26, 2024 issue 1827 (Qualcomm Android: kernel use-after-free via i) commented on by chali...@gmail.com - updated patch url: https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/b261f167d0384fa70405f3f0b2be6a7686aa24c3 updated patch url: https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/b261f167d0384fa70405f3f0b2be6a7686aa24c3 Mar 26, 2024 issue 734 (Qualcomm Adreno GPU MSM driver perfcounter qu) commented on by chali...@gmail.com - Updated patch url: https://git.codelinaro.org/clo/la/kernel/msm-3.18/-/commit/27c95b64b2e4b5ff1288cbaa6e353dd803d71576 Updated patch url: https://git.codelinaro.org/clo/la/kernel/msm-3.18/-/commit/27c95b64b2e4b5ff1288cbaa6e353dd803d71576 Earlier this year Mar 15, 2024 issue 2502 (dav1d integer overflow leading to out-of-boun) Labels changed by ifratric@google.com - Labels: -Restrict-View-Commit Labels: -Restrict-View-Commit Mar 13, 2024 issue 2512 (Google Pixel: Memory corruption in MFC H264 p) Labels changed by natashenka@google.com - Labels: Fixed-2024-Mar-4 Labels: Fixed-2024-Mar-4 Mar 13, 2024 issue 2528 (Linux >=6.5: read-after-type-change of folio ) Labels changed by jannh@google.com - Labels: CVE-2024-26630 Labels: CVE-2024-26630 Mar 13, 2024 issue 2525 (PowerVR: DevmemIntUnexportCtx destroys export) changed by jannh@google.com - Labels: Fixed-2024-Mar-08 Status: Fixed Labels: Fixed-2024-Mar-08 Status: Fixed Mar 13, 2024 issue 2524 (PowerVR: RGXCreateZSBufferKM2 error path free) changed by jannh@google.com - Labels: Fixed-2024-Feb-26 Status: Fixed Labels: Fixed-2024-Feb-26 Status: Fixed Mar 13, 2024 issue 2528 (Linux >=6.5: read-after-type-change of folio ) changed by jannh@google.com - Fix has landed in: v6.6.21 (2024-03-06) v6.7.9 (2024-03-06) Labels: Fixed-2024-Mar-6 Status: Fixed Fix has landed in: v6.6.21 (2024-03-06) v6.7.9 (2024-03-06) Labels: Fixed-2024-Mar-6 Status: Fixed Mar 13, 2024 issue 2511 (Windows Kernel subkey list use-after-free due) changed by mjurczyk@google.com - Fixed in the March 2024 Patch Tuesday. Labels: Fixed-2024-Mar-12 Status: Fixed Fixed in the March 2024 Patch Tuesday. Labels: Fixed-2024-Mar-12 Status: Fixed Mar 12, 2024 issue 2512 (Google Pixel: Memory corruption in MFC H264 p) Status changed by natashenka@google.com - Fixed in this advisory: https://source.android.com/docs/security/bulletin/pixel/2024-03-01 Status: Fixed Fixed in this advisory: https://source.android.com/docs/security/bulletin/pixel/2024-03-01 Status: Fixed Mar 11, 2024 issue 2525 (PowerVR: DevmemIntUnexportCtx destroys export) commented on by jannh@google.com - The fix for this issue is at <https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5355926>. The fix for this issue is at <https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5355926>. Mar 06, 2024 issue 2511 (Windows Kernel subkey list use-after-free due) Labels changed by mjurczyk@google.com - Labels: CVE-2024-26182 Labels: CVE-2024-26182 Feb 28, 2024 issue 2505 (Telegram for Android: Use-after-free in Conne) Labels changed by markbrand@google.com - Derestricting this as it has now been fixed for at least 30 days. Labels: -Restrict-View-Commit Derestricting this as it has now been fixed for at least 30 days. Labels: -Restrict-View-Commit Feb 27, 2024 issue 2512 (Google Pixel: Memory corruption in MFC H264 p) Labels changed by natashenka@google.com - Labels: CVE-2024-27228 Labels: CVE-2024-27228 Feb 26, 2024 issue 2524 (PowerVR: RGXCreateZSBufferKM2 error path free) commented on by jannh@google.com - The fix for this issue is public at: <https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5318753> The fix for this issue is public at: <https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5318753> Feb 26, 2024 issue 2528 (Linux >=6.5: read-after-type-change of folio ) commented on by jannh@google.com - The fix is in commit 3a75cb05d53f4a6823a32deb078de1366954a804 ("mm: cachestat: fix folio read-after-free in cache walk"): https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?id=3a75cb05d53f4a6823a32deb078de1366954a804 It hasn't reached mainline yet. The fix is in commit 3a75cb05d53f4a6823a32deb078de1366954a804 ("mm: cachestat: fix folio read-after-free in cache walk"): https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?id=3a75cb05d53f4a6823a32deb078de1366954a804 It hasn't reached mainline yet.

Mar 13, 2024

issue 2512 (Google Pixel: Memory corruption in MFC H264 p) Labels changed by natashenka@google.com -

Labels: Fixed-2024-Mar-4

Mar 13, 2024

issue 2525 (PowerVR: DevmemIntUnexportCtx destroys export) changed by jannh@google.com -

Labels: Fixed-2024-Mar-08

Status: Fixed

Labels: Fixed-2024-Mar-08

Status: Fixed

Mar 13, 2024

issue 2528 (Linux >=6.5: read-after-type-change of folio ) changed by jannh@google.com - Fix has landed in: v6.6.21 (2024-03-06) v6.7.9 (2024-03-06)

Labels: Fixed-2024-Mar-6

Status: Fixed

Fix has landed in: v6.6.21 (2024-03-06) v6.7.9 (2024-03-06)

Labels: Fixed-2024-Mar-6

Status: Fixed

Mar 12, 2024

issue 2512 (Google Pixel: Memory corruption in MFC H264 p) Status changed by natashenka@google.com - Fixed in this advisory: https://source.android.com/docs/security/bulletin/pixel/2024-03-01

Status: Fixed

Fixed in this advisory: https://source.android.com/docs/security/bulletin/pixel/2024-03-01

Status: Fixed

Mar 06, 2024

issue 2511 (Windows Kernel subkey list use-after-free due) Labels changed by mjurczyk@google.com -

Labels: CVE-2024-26182

Feb 27, 2024

issue 2512 (Google Pixel: Memory corruption in MFC H264 p) Labels changed by natashenka@google.com -

Labels: CVE-2024-27228

Feb 26, 2024

issue 2528 (Linux >=6.5: read-after-type-change of folio ) commented on by jannh@google.com - The fix is in commit 3a75cb05d53f4a6823a32deb078de1366954a804 ("mm: cachestat: fix folio read-after-free in cache walk"): https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?id=3a75cb05d53f4a6823a32deb078de1366954a804 It hasn't reached mainline yet.

The fix is in commit 3a75cb05d53f4a6823a32deb078de1366954a804 ("mm: cachestat: fix folio read-after-free in cache walk"): https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?id=3a75cb05d53f4a6823a32deb078de1366954a804 It hasn't reached mainline yet.

Last 30 days

Earlier this year