1201 matches found
DEBIAN-CVE-2019-17075
An issue was discovered in writetptentry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dmamapsingle a DMA function from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used ...
PT-2019-3613 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.3.2 Description: An issue was discovered in the write tpt entry function in drivers/infiniband/hw/cxgb4/mem.c. The cxgb4 driver is directly calling dma map single a DMA function from a stack variable. This coul...
Another Side Channel in Intel Chips
Not that serious, but interesting: In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard and significantly longer path through t...
Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack
Researchers have identified a new side-channel attack impacting all modern Intel server processors made since 2012. The vulnerability could allow bad actors to sniff out encrypted passwords as they are being typed into a secure shell session SSH; but, luckily, such an attack would be difficult to...
CVE-2019-13296
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value...
CVE-2019-13296
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value...
The vulnerability of the xudc_ep_enable handler implementation in Linux kernel allows a hacker to write data into the memory space of the operating system.
The vulnerability in the implementation of the xudcepenable handler of the loaded module in the drivers/usb/gadget/udc/udc-xilinx.ko kernel of the Linux operating system arises due to an out-of-bounds array access. Exploiting this vulnerability allows an attacker to write data into an unauthorize...
New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers
Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct...
CVE-2018-15383 Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability
A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service DoS...
PT-2018-1852 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the cryptographic hardware accelerator driver could all...
RAMpage Attack Explained—Exploiting RowHammer On Android Again!
A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage , the new technique CVE-2018-9442 could re-enable an unprivileged...
New Rowhammer Attack Can Hijack Computers Remotely Over the Network
Exploitation of Rowhammer attack just got easier. Dubbed 'Throwhammer,' the newly discovered technique could allow attackers to launch Rowhammer attack on the targeted systems just by sending specially crafted packets to the vulnerable network cards over the local area network. Known since 2012,...
CVE-2018-8914
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter...
Nintendo Switches Hacked to Run Linux—Unpatchable Exploit Released
Two separate teams of security researchers have published working proof-of-concept exploits for an unpatchable vulnerability in Nvidia's Tegra line of embedded processors that comes on all currently available Nintendo Switch consoles. Dubbed Fusée Gelée and ShofEL2, the exploits lead to a coldboo...
kernel: Incorrect type conversion for size during dma allocation
A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation...
kernel: Incorrect type conversion for size during dma allocation
A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation...
kernel: Incorrect type conversion for size during dma allocation
A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation...
kernel: Incorrect type conversion for size during dma allocation
A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation...
kernel: rds_message_alloc_sgs() function doesn't validate value used during DMA page allocation causes heap out-of-bounds write
In the Linux kernel through 4.14.13, the rdsmessageallocsgs function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write related to the rdsrdmaextrasize function in 'net/rds/rdma.c' and thus to a system panic. Due to the nature of the fla...
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Chan
Exploit for windows platform in category local exploits --- A proof of concept injectable C++ DLL, that uses naked inline hooking and direct memory modification to change TeamViewer permissions. Features As the Server - Enables extra menu item options on the right side pop-up menu. Most useful so...