1. Home
  2. OS

Subcategories

  • 1 Topics
    1 Posts
    peat_psuwitP
    Vulnerability During the periodic scanning of the local media, gst-hybris gets loaded by Gstreamer, a media framework, to perform HW-accelerated video decoding. gst-hybris expected the rendering element ("sink") to be HW-accelerated as well, but media scanning does not use HW-accelerated rendering. This results in memory corruption, which could potentially be exploited by a specifically-crafted media. Info The pipeline constructing process of Gstreamer is dynamic; it can automatically pick the demuxer, decoder(s), and sink(s) based on the file type, file content, and component's capability. In this case, Gstreamer picks gst-hybris' HW-accelerated decoder as the decoder, but "fakesink" as the sink (as the scanner only wants to know certain metadata). Now, to perform HW-accelerated video rendering, gst-hybris has a dedicated sink which co-operate with the decoder in order to pass decoded video frame without copying the memory. When Gstreamer connects the decoder with the sink, the decoder can access the sink to perform necessary co-ordination. However, the decoder forgot to check if the sink it accesses is the one it can co-operate, which results in the code writing into the memory it's not supposed to access. In order for this to be exploited, the video has to be on the device, which subsequently leads to it being scanned. Video playback in other cases is not affected, as they always use HW-accelerated video rendering. CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') Severity: Medium Affected versions Affected versions: All Ubuntu Touch versions up to and including 20.04 OTA-10, 24.04-1.0. Fixed in versions: Ubuntu Touch 20.04 OTA-11 and 24.04-1.1. Solution Starting in Ubuntu Touch 20.04 OTA-11 and 24.04-1.1, gst-hybris checks the type of the sink before casting to the expected type. Fixed in: https://gitlab.com/ubports/development/core/hybris-support/gst-hybris/-/commit/58bb0e1ba2169bd85ac0930bf074ab865553356f Recommendations Update your device to Ubuntu Touch 20.04 OTA-11, 24.04-1.1 or newer. Do not download videos from untrusted sources. Timeline The issue was discovered on 30 September 2025, during a debugging of another issue. The issue was discovered before the release of Ubuntu Touch 24.04-1.0, but we did not manage to work it through and fix it in time for that release. Ubuntu Touch 20.04 OTA-11 and 24.04-1.1 was released on 1 December 2025, coordinated with the publication of this advisory. Credit Reported-by: Ratchanan Srirattanamet Patched-by: Ratchanan Sirrattanamet

  • This forum is all about the ongoing efforts to upgrade UT to the 20.04 codebase of Ubuntu.

    132 Topics
    954 Posts
    A
    @Moem @Luksus This is good news as this was a good phone with UBPorts
Log in to post
Load new posts
  • S

    Feature Suggestion: Mobile data usage monitoring

    4
    1 Votes
    4 Posts
    1k Views
    U
    I agree that a fea ture like this does make sense, expecially for people who have data limit or have to pay over their allowance. Anything like this that can take the os forward needs to be tracked on a report.
  • ?

    Wifi BqM10

    12
    0 Votes
    12 Posts
    3k Views
    U
    I have a similar issue with one of my M10 tablets. When I reboot it on restart it does not seem to be able to pick up the Wi-Fi. Everything else I have connects easy to it, but for some reason not this one tablet. The other Ubuntu Touch tablet that I have connects all OK. How strange, it is affecting just one of them. The only thing I can do is go into Wi-Fi settings, like I am going to add it again. Then before I have chance to add it, it shows as connected in the Settings list. Then it will appear in the notifications bar. I tried waiting for it to connect, thinking that it was taking a long time to auto connect, but this did not work. Only going into settings connects it for me.
  • nfsprodriverN

    Enhancement: Support for SuruDark theme

    2
    0 Votes
    2 Posts
    916 Views
    S
    @nfsprodriver I can't speak for the webbrowser-app, but I recall that many dirty things have been done in filemanager-app, especially with the color palette. To be honest, filemanager-app needs to be re-written almost from scratch, since there are many strange things in the code. Just a call to action: if there's someone in the community who would like to address its issues, I guess that any help would be very appreciated from the UBports' guys
  • SconioS

    Multirom Ubuntu/Android for Meizu Pro 5 ?

    meizu pro 5 multirom
    9
    0 Votes
    9 Posts
    4k Views
    M
    @Sconio look on the xda forum, just Google : xda multirom pro 5 :
  • mardyM

    SDK images

    1
    1 Votes
    1 Posts
    757 Views
    No one has replied
  • mardyM

    New version of account-polld in overlay PPA

    2
    8 Votes
    2 Posts
    1k Views
    flohackF
    Wow thats amazing! You are one of the first people contributing to the PPA A warm welcome! BR Florian
  • ?

    This topic is deleted!

    1
    0 Votes
    1 Posts
    1 Views
    No one has replied
  • lduboeufL

    changelog

    4
    0 Votes
    4 Posts
    2k Views
    N
    Oops, just noticed it is already reported here.
  • mardyM

    Where is the code? :-)

    12
    4 Votes
    12 Posts
    4k Views
    N
    @UniSuperBox Good job Dalton, thanks for writing that up!
  • flohackF

    Notifications: Out of the comfort zone?

    notifications background
    29
    2 Votes
    29 Posts
    13k Views
    S
    @Flohack I know that any DBus call - except for some - is by default denied by AppArmor, therefore we should for sure update the confinement AA templates. I think we'd probably need to define a new AppArmor profile for headless apps, in order to prevent e.g. usage of the UriHandler service
  • M

    A vision of where to go after Ubuntu Touch's death

    Moved ubuntu sdk snappy yunit wayland mir
    33
    6 Votes
    33 Posts
    23k Views
    S
    @Andreas-Pokorny Thank you for providing further informations about Mir. I wasn't aware that Canonical dropped the libhybris integration. And thanks for taking care of that! Snaps Point by point: It's probably easier for me to explain with an example. The LibreOffice snap in the U.Store uses the "Home" interface, which was meant to be transitional. Now that Canonical has no plan for Ubuntu Personal, could we expect similar interfaces to be "standard"? Could they break (in terms of UX and security) the current UT/UP security model, which relies on ContentHub for content sharing? Huh, when I used "content" I was referring to files, document, or more generically data. I wasn't aware of such interface. Yeah, that was my fear. The only example I found for adding new interfaces is this one. My impression is that Snaps have been designed with a strong centralization, afaiu.
  • ?

    Roadmap

    convergence
    10
    2 Votes
    10 Posts
    4k Views
    L
    Bonjour à tous, Je suis d'accord tous ces avec propos, je suis sur la Aquaris M10 sous tablette UT et elle Fonctionne très bien . J'ai fait confiance à Canonique pour ce travail nt mais voilà qu'ils prefere abandonner UT. Ce que j' aime Dans Ubuntu c'est l'absence de pub quand J' ouvre une application . Dans la convergence c'est de pouvoir utiliser une application en mode bureau classic comme pour utiliser libreoffice. En ce moment, je rencontre des bug en convergence toutes les applications qui vont sur le web ne fonctionnent pas (navigation, gmail, G+, etc.). les application s'allument puis se ferment. Il n'y a que Firefox qui fonctionne mais je n'aime pas trop, je préfère Chromium car il me fait la traduction, il mémorise mes mots de passe et j'ai accès sur tous les supports Hello everyone, I agree with all these with regards, I am on the Aquaris M10 under UT tablet and it works very well. I trusted Canonical for this work but now they prefer to give up UT. What I like In Ubuntu is the lack of ads when I open an application. In convergence it is to be able to use an application in classic desktop mode as to use libreoffice. At the moment, I encounter convergence bugs all applications that go on the web do not work (navigation, gmail, G +, etc.). The applications turn on and then close. There is only Firefox that works but I do not like too much, I prefer Chromium because it makes me translation, it memorizes my passwords and I have access to all media
  • N

    Will snappy break everything?

    Moved snappy
    5
    0 Votes
    5 Posts
    2k Views
    N
    Yes, it is sad, but we can't maintain devices with too old kernels forever anyways. That would be a major security threat! We don't have to talk about confinement and permissions when the kernel is basically an open book... Keep using your devices for now, everybody. We'll get there, when we get there.