1. Home
  2. OS

Subcategories

  • 2 Topics
    2 Posts
    peat_psuwitP
    Vulnerability During the periodic scanning of the local media, gst-hybris gets loaded by Gstreamer, a media framework, to perform HW-accelerated video decoding. gst-hybris expected the rendering element ("sink") to be HW-accelerated as well, but media scanning does not use HW-accelerated rendering. This results in memory corruption, which could potentially be exploited by a specifically-crafted media. Info The pipeline constructing process of Gstreamer is dynamic; it can automatically pick the demuxer, decoder(s), and sink(s) based on the file type, file content, and component's capability. In this case, Gstreamer picks gst-hybris' HW-accelerated decoder as the decoder, but "fakesink" as the sink (as the scanner only wants to know certain metadata). Now, to perform HW-accelerated video rendering, gst-hybris has a dedicated sink which co-operate with the decoder in order to pass decoded video frame without copying the memory. When Gstreamer connects the decoder with the sink, the decoder can access the sink to perform necessary co-ordination. However, the decoder forgot to check if the sink it accesses is the one it can co-operate, which results in the code writing into the memory it's not supposed to access. In order for this to be exploited, the video has to be on the device, which subsequently leads to it being scanned. Video playback in other cases is not affected, as they always use HW-accelerated video rendering. CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') Severity: Medium Affected versions Affected versions: All Ubuntu Touch versions up to and including 20.04 OTA-10, 24.04-1.0. Fixed in versions: Ubuntu Touch 20.04 OTA-11 and 24.04-1.1. Solution Starting in Ubuntu Touch 20.04 OTA-11 and 24.04-1.1, gst-hybris checks the type of the sink before casting to the expected type. Fixed in: https://gitlab.com/ubports/development/core/hybris-support/gst-hybris/-/commit/58bb0e1ba2169bd85ac0930bf074ab865553356f Recommendations Update your device to Ubuntu Touch 20.04 OTA-11, 24.04-1.1 or newer. Do not download videos from untrusted sources. Timeline The issue was discovered on 30 September 2025, during a debugging of another issue. The issue was discovered before the release of Ubuntu Touch 24.04-1.0, but we did not manage to work it through and fix it in time for that release. Ubuntu Touch 20.04 OTA-11 and 24.04-1.1 was released on 1 December 2025, coordinated with the publication of this advisory. Credit Reported-by: Ratchanan Srirattanamet Patched-by: Ratchanan Sirrattanamet

  • This forum is all about the ongoing efforts to upgrade UT to the 20.04 codebase of Ubuntu.

    132 Topics
    954 Posts
    A
    @Moem @Luksus This is good news as this was a good phone with UBPorts
Log in to post
Load new posts
  • M

    Ubuntu Touch OTA-18 Changelog: qtubuntu-camera

    5
    0 Votes
    5 Posts
    1k Views
    U
    Hi, ma! Thanks for your interest! qtubuntu-camera is a piece of software that allows Qt applications to use cameras on Android devices through hybris. Adding these new values means that Qt applications can use them. It does not mean that they will start using them automatically. There needs to be a change done to the camera-app software, which uses qtubuntu-camera, to support the new flash and exposure modes. There is a Merge Request filed to enable more flash modes: https://gitlab.com/ubports/apps/camera-app/-/merge_requests/154. However, there is no merge request filed to enable more exposure modes. If you like, you can help us test and create these changes as needed.
  • U

    Ubuntu Touch OTA-18 Changelog

    Locked
    2
    11 Votes
    2 Posts
    2k Views
    T
    @unisuperbox Thank you for a change log.
  • U

    OTA-18 Call for Testing Companion Post

    Moved
    1
    2 Votes
    1 Posts
    646 Views
    No one has replied
  • lduboeufL

    The MMS lost story

    Locked
    133
    4 Votes
    133 Posts
    81k Views
    LakotaubpL
    As @jezek and @lduboeuf suggested this thread is very long and far to hard to follow. So I will lock it. A fix has been posted so please as asked try it and report issues in the normal way and let's see how it goes.
  • S

    Where does UT store volume levels?

    6
    0 Votes
    6 Posts
    962 Views
    dobeyD
    @trwidick I wouldn't guess alsa, as for pulseaudio we have a droid plug-in whiich talks to HAL on Android devices.
  • KenedaK

    Rich Communication Services (RCS) : wide compatible advanced messaging standard.

    5
    2 Votes
    5 Posts
    1k Views
    A
    Interesting. I had heard about it, but never really read about it.
  • T

    PICTURE MESSAGES SENT SIDEWAYS

    12
    0 Votes
    12 Posts
    1k Views
    T
    Bug report opened on GitHub. https://github.com/ubports/ubuntu-touch/issues/1751
  • T

    This topic is deleted!

    1
    0 Votes
    1 Posts
    1 Views
    No one has replied
  • T

    A new way for desktop applications(classical application)

    9
    0 Votes
    9 Posts
    2k Views
    T
    @thomas-k8s Nah, you lose the native XMir windowing with that. I'm more partial to how we did it in the days before libertine's release back in 15.04 (still chroot, not libertine's proot which seems more restrictive, but using XMir with matchbox-window-manager to provide some semblance of window managment) Nowadays, I'm looking into something similar, but using the Gentoo Prefix in place of the chroot, so it runs unprivileged. Obviously will generate a LOT of I/O so if anyone else goes this way, I highly recommend running the bootstrap as far as it will let you using an NFS root mounted into the home directory somewhere (mine is .local/system) and then copy it to device and finish the bootstrap using an NFS-mounted TMPDIR (because bootstrap will only let you go so far before portage tells you that it needs root permissions for some reason when bootstrapping straight to an NFS shared folder)
  • T

    Qemu-kvm or QEMU on ubuntu touch?

    10
    0 Votes
    10 Posts
    4k Views
    T
    @emphrath No problem, I've tried a lot of things that most people would find "useless" under ubPorts while working to make my trusty Nexus 7 a portable workstation. I've been tempted to add WINE to my setup again, but I don't want to deal with setting up an i386 chroot running on the device (since LXC doesn't function correctly for me, can't create LXC containers, oddly the Android container works fine). In case I didn't mention it previously, yes, it requires qemu-user-static installed and you have to have an i386 chroot to install and run WINE/32.
  • T

    Running docker on ubuntu touch?

    5
    0 Votes
    5 Posts
    5k Views
    T
    @saveurlinux It did not work
  • U

    OTA-16 Call for Testing

    Locked Moved
    96
    2 Votes
    96 Posts
    41k Views
    U
    Hi @unaegeli, thanks for your feedback. This forum thread was for OTA-16. OTA-17 is out now, and it sounds like you might need to seek help from the app's developer rather than from me. You can find support information for most Ubuntu Touch apps on their OpenStore page: https://open-store.io/app/me.fredl.ghostcloud Thanks again for your feedback. Since OTA-16 is long out, I'm going to lock this thread.
  • U

    LineageOS and UT

    3
    0 Votes
    3 Posts
    923 Views
    U
    @povoq thanks for the reply. I figured it would take time, I prefer the UT setup or navigation, the slider. But not going to lie the battery and speed of lineageOS is something to work towards to. Id imagine if UT has the same speed and battery life as lineageOS, our operating system would be a lot more desired. I think this is why a lot of people get into linux in the first place, bring back life to a old system.
  • M

    FluffyChat | Ubuntu Touch | Flutter

    7
    0 Votes
    7 Posts
    2k Views
    M
    @dobey ..at the end of the day, the developers are key to the future
  • ShohagS

    More reliable hardware control

    3
    0 Votes
    3 Posts
    596 Views
    flohackF
    @shohag PS the Android camera API probably does not allow to use multiple picture or video streams at the same time. You might be able to select which camera you want to take the picture from or the video. All that might only change if Non-Android phones with mainline kernel driver support will be built. But I doubt luxury models will be available soon, and you can see with the Pinephone how long it takes even for that little gem to get polished - man years of work, and still its not a daily for most people.
  • mardyM

    Please help testing the new media-hub

    5
    9 Votes
    5 Posts
    1k Views
    CiberSheepC
    @mardy for now I tested E5 on dev channel: Music plays Notification of incoming mail plays while music is playing without issue I posted some issues in the MR comments Tomorrow, Arale
  • flohackF

    Call for help: Testing headset buttons

    28
    2 Votes
    28 Posts
    7k Views
    rikR
    Nexus 5, RC Channel (2021-W18), 2 bluetooth headsets (Mpow M30 earbuds, Anker Sound Core Mini speaker): no events detected when pressing play/pause, volume buttons but sound does work to both devices
  • U

    OTA-17 Call for Testing Companion Post

    Moved
    20
    2 Votes
    20 Posts
    3k Views
    LakotaubpL
    @messayisto The move to halium is planned for a few more devices in the near future. So should become the norm on those devices.
  • U

    Ubuntu Touch OTA-17 changelog

    Locked
    1
    8 Votes
    1 Posts
    1k Views
    No one has replied
  • Z

    Convergence black screen - Unity System Compositor debugging tools?

    Moved
    2
    0 Votes
    2 Posts
    328 Views
    U
    Hi @Zahkc, I've moved your post into the "OS" section since we're talking dev now! unity-system-compositor's log should normally be in /var/log/lightdm/unity-system-compositor.log. You may find the accompanying lightdm.log in that folder useful depending on the error. unity8's log should be in ~/.cache/upstart/unity8.log and might have some useful information as well.