Gareth Evans

**Name of the Vulnerable Software and Affected Versions** Lenovo PC Manager (affected versions not specified) Lenovo Browser (affected versions not specified) Lenovo App Store (affected versions not specified) **Description** A potential TOCTOU vulnerability was reported that could allow a local attacker to cause a system crash. This issue affects Lenovo software, including PC Manager, Lenovo Browser, and Lenovo App Store. **Recommendations** For PC Manager, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Lenovo Browser, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Lenovo App Store, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lenovo PC Manager (affected versions not specified) Lenovo Browser (affected versions not specified) Lenovo App Store (affected versions not specified) **Description** A potential buffer overflow issue was reported that could allow a local attacker to cause a system crash. This issue affects Lenovo PC Manager, Lenovo Browser, and Lenovo App Store. **Recommendations** For Lenovo PC Manager, consider restricting access to sensitive system resources until a patch is available. For Lenovo Browser, as a temporary workaround, consider disabling any features that may trigger the buffer overflow issue until a patch is available. For Lenovo App Store, restrict access to the app store to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 86.0.4240.75 **Description** The issue is related to uninitialized data in PDFium, a component of Google Chrome, which can allow a remote attacker to obtain potentially sensitive information from process memory. This can be achieved via a crafted PDF file. The vulnerability is associated with incorrect initialization of a resource in the PDF content handler. **Recommendations** For versions prior to 86.0.4240.75, update to version 86.0.4240.75 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LAME versions prior to 3.100 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a stack-based buffer overflow or heap-based buffer overflow, by providing a crafted WAV or AIFF file. This is due to the reliance on the signed integer data type for values in the file header, which can be mishandled, for example, when processing the `num channels` value. **Recommendations** For versions prior to 3.100, update to version 3.100 or later to resolve the issue. As a temporary workaround, consider restricting the processing of WAV and AIFF files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.9.12 **Description** The issue is related to the `do shmat` function in `ipc/shm.c` in the Linux kernel, which does not properly restrict the address calculated by a certain rounding operation. This allows local users to map page zero and bypass a protection mechanism that exists for the `mmap` system call. The exploitation can be done by making crafted `shmget` and `shmat` system calls in a privileged context. The vulnerability is also related to insufficient input validation. **Recommendations** For Linux kernel versions prior to 4.9.12, update to a version 4.9.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `do shmat` function in `ipc/shm.c` until a patch is available. Avoid making crafted `shmget` and `shmat` system calls in a privileged context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.2 **Description** The issue involves the `xar` component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers the use of uninitialized memory locations. This is due to insufficient input validation in the `xar` component, allowing a remote attacker to exploit the issue and execute arbitrary code using a specially crafted archive. **Recommendations** For macOS versions prior to 10.12.2, update to version 10.12.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `xar` component until a patch is available.