Project Zero Bot (unofficial)

Project Zero Bot

New Project Zero issue:

Linux >=5.10: wrong order of operations on close_and_free_vma error path causes temporary dangling PTE

https://project-zero.issues.chromium.org/issues/374117290

CVE-2024-53096

Project Zero Bot

New Project Zero issue:

Linux: Panthor: racy panthor_vm_pool_get_vm() leads to UAF

https://project-zero.issues.chromium.org/issues/377500597

CVE-2024-53080

Project Zero Bot

New Project Zero issue:

Linux >=v6.8-rc1: VMA UAF when nascent MM is accessed through forked userfaultfd or khugepaged after aborted fork

https://project-zero.issues.chromium.org/issues/373391951

CVE-2024-50263, CVE-2024-50220

Project Zero Bot

New Project Zero issue:

Windows Kernel registry security descriptor refcount may overflow when referenced by too many transacted operations

https://project-zero.issues.chromium.org/issues/42451732

CVE-2024-43641

Project Zero Bot

New Project Zero issue:

Windows Kernel passes user-mode pointers to registry callbacks, leading to race conditions and memory corruption

https://project-zero.issues.chromium.org/issues/42451607

CVE-2023-38141

Project Zero Bot

New Project Zero issue:

Windows Kernel double-fetch in the loading of remote registry hives, leading to memory corruption

https://project-zero.issues.chromium.org/issues/42451731

CVE-2024-43452

Project Zero Bot

New Project Zero issue:

PowerVR: PVRSRVAcquireProcessHandleBase() can cause psProcessHandleBase reuse when PIDs are reused

https://project-zero.issues.chromium.org/issues/42451726

CVE-2024-43704

Project Zero Bot

New Project Zero issue:

Linux >=6.6: race between mremap (move_normal_pmd) and MADVISE_COLLAPSE (retract_page_tables)

https://project-zero.issues.chromium.org/issues/371047675

CVE-2024-50066

Project Zero Bot

New Project Zero issue:

FASTRPC_ATTR_KEEP_MAP logic bug allows fastrpc_internal_munmap_fd to racily free in-use mappings leading to UAF

https://project-zero.issues.chromium.org/issues/42451725

CVE-2024-49848

Project Zero Bot

New Project Zero issue:

Linux: temporarily dangling PFN mapping on remap_pfn_range() failure in usbdev_mmap() (and elsewhere?)

https://project-zero.issues.chromium.org/issues/366053091

CVE-2024-47674

Project Zero Bot

New Project Zero issue:

adsprpc: refcount leak leading to UAF in fastrpc_get_process_gids

https://project-zero.issues.chromium.org/issues/42451711

CVE-2024-38402

Project Zero Bot

New Project Zero issue:

Linux: fuse_notify_store() marks page uptodate while leaving beyond-EOF parts uninitialized

https://project-zero.issues.chromium.org/issues/42451729

CVE-2024-44947

Project Zero Bot

New Project Zero issue:

Android: GKI kernels contain broken non-upstream Speculative Page Faults MM code

https://project-zero.issues.chromium.org/issues/42451518

CVE-2023-20937

Project Zero Bot

New Project Zero issue:

dav1d integer overflow leading to out-of-bounds write

https://project-zero.issues.chromium.org/issues/42451651

CVE-2024-1580

Project Zero Bot

New Project Zero issue:

UAF race of global maps in fastrpc_mmap_create (and epilogue functions) cause memory corruption

https://project-zero.issues.chromium.org/issues/42451715

CVE-2024-33060

Project Zero Bot

New Project Zero issue:

Incorrect searching algorithm in fastrpc_mmap_find leads to kernel address space info leak

https://project-zero.issues.chromium.org/issues/42451713

CVE-2024-33060

Project Zero Bot

New Project Zero issue:

Double-free (or UAF) race in possibly unused qrtr_bpf_filter_detach

https://project-zero.issues.chromium.org/issues/42451712

CVE-2024-38401

Project Zero Bot

New Project Zero issue:

Linux: i915: out-of-bounds PTE write in vm_fault_gtt() leads to PTE UAF

https://project-zero.issues.chromium.org/issues/42451707

CVE-2024-42259

Project Zero Bot

New Project Zero issue:

is_compat flag in adsprpc driver leads to access of userland provided addresses as kernel pointers

https://project-zero.issues.chromium.org/issues/42451710

CVE-2024-21455

Project Zero Bot

New Project Zero issue:

PowerVR: DEVMEMXINT_RESERVATION::ppsPMR references PMRs but does not lock their physical addresses

https://project-zero.issues.chromium.org/issues/42451698

CVE-2024-34747