CVE-2017-17173

The CVE-2017-17173 entry concerns Huawei Mate 9 Pro devices with older GPU driver versions (pre-LON-AL00B 8.0.0.356(C00)) where insufficient parameter verification in the GPU driver allows an attacker to trigger arbitrary kernel memory release via a crafted parameter. This could lead to a phone c...

Security Advisory - Arbitrary Memory Free Vulnerability in GPU Driver of Some Huawei Smart Phones

There is an arbitrary memory free vulnerability in GPU driver of some Huawei smart phones due to insufficient parameters verification. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory...

Huawei Mate 9 Pro Mali Double Free Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Huawei Mate 9 Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Mali GPU...

Google Android Qualcomm component elevation of privilege vulnerability (CNVD-2018-16191)

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Google Android Qualcomm component GPU driver. An attacker can exploit this vulnerability to achieve elevation of...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1522-1)

This update for the Linux Kernel 4.4.59-9220 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. bsc1085447. - CVE-2018-8897: A statement in the System Programming Guide of the Intel ...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1510-1)

This update for the Linux Kernel 4.4.103-9256 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. bsc1085447. - CVE-2018-8897: A statement in the System Programming Guide of the Intel...

GPU memory module security bypass vulnerability

A GPU Graphics Processing Unit memory module is a GPU memory module. A security vulnerability exists in the GPU memory module. An attacker can exploit this vulnerability to bypass security restrictions and perform unauthorized operations by using the JavaScript WebGL API...

Google Android Qualcomm Component Elevation of Privilege Vulnerability (CNVD-2018-10685)

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Google Android Qualcomm GPU component, which can be exploited by attackers to elevate privileges...

CVE-2018-10229

A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API...

Design/Logic Flaw

A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API...

CVE-2018-10229

A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API...

CVE-2018-10229

CVE-2018-10229 describes a hardware vulnerability in GPU memory modules that enables attackers to accelerate micro-architectural attacks via the JavaScript WebGL API. Public sources consistently tie the issue to GPU memory sharing with the CPU (e.g., integrated GPUs) and to WebGL timing-based sid...

GLitch: New 'Rowhammer' Attack Can Remotely Hijack Android Phones

For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely. Dubbed GLitch, the proof-of-concept technique is a new addition to the Rowhammer attack series which leverages embedded...

Kali Linux 2018.2 Release - The Best Penetration Testing Distribution

This Kali release is the first to include the Linux 4.15 kernel, which includes the x86 and x64 fixes for the much-hyped Spectre and Meltdown vulnerabilities. It also includes much better support for AMD GPUs and support for AMD Secure Encrypted Virtualization, which allows for encrypting virtual...

CVE-2016-10462

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, and SnapdragonHighMed2016,...

CVE-2016-10462

CVE-2016-10462 affects Android platforms with Qualcomm SoCs where HLOS Access Control policy could allow access to Slimbus, GPU, and GIC resources due to insufficient isolation in certain Snapdragon generations (e.g., SD 410/12, 425, 427, 430, 435, 450, 615/16/SD 415, 625, 650/52, 808, 810, 820/8...

Intel Processors Now Allows Antivirus to Use Built-in GPUs for Malware Scanning

Global chip-maker Intel on Tuesday announced two new technologies—Threat Detection Technology TDT and Security Essentials—that not only offer hardware-based built-in security features across Intel processors but also improve threat detection without compromising system performance. Intel's Threat...

CVE-2016-8482

An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482...

CVE-2016-8482

CVE-2016-8482 is documented as an elevation of privilege in the NVIDIA GPU driver affecting Android kernels. The available details indicate a memory handling issue (referencing memory after it has been freed) in the NVIDIA Tegra kernel/driver components, leading to potential privilege escalation ...

5 Crypto Crime Concerns: Your Top Cryptocurrency Mining Questions Answered

By the end of 2017, cryptojacking, or the secret use of computing resources for mining cryptocurrency, had already gained noticeable momentum. It’s a smart strategy if you’re a cyber criminal. Why try and ransom someone’s system and wait for them to pay you when you can essentially print money?...