951 matches found
Android Qualcomm Performance component elevation of privilege vulnerability (CNVD-2016-04671)
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA), of which Qualcomm Performance is a Qualcomm performance component. An elevation of privilege vulnerability exists in the Qualcomm Performance component of Android. A local attacker can exploit this...
Android Qualcomm Camera Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA), and Qualcomm Camera Driver is a camera driver developed by Qualcomm. The Qualcomm Camera Driver in Android contains an elevation of privilege vulnerability. The vulnerability can be...
Android Qualcomm USB Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA), and Qualcomm USB Driver is a USB driver component developed by Qualcomm. The Qualcomm USB Driver in Android contains an elevation of privilege vulnerability. The vulnerability can b...
Android Qualcomm camera driver elevation of privilege vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA), and Qualcomm Camera Driver is a camera driver developed by Qualcomm. An elevation of privilege vulnerability exists in the Qualcomm Camera Driver for Android. A local attacker cou...
Android Qualcomm Sound Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA), and the Qualcomm Sound Driver is a Qualcomm-developed sound driver used in it. An elevation of privilege vulnerability exists in the Qualcomm Sound Driver for Android. An attacker can exploit this...
Android Qualcomm Sound Driver Elevation of Privilege Vulnerability (CNVD-2016-03855)
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA), and the Qualcomm Sound Driver is a Qualcomm-developed sound driver used in it. An elevation of privilege vulnerability exists in the Qualcomm Sound Driver for Android. An attacker can...
Apple OS X El Capitan NVIDIA Graphics Drivers Arbitrary Code Execution Vulnerability
Apple OS X El Capitan is an operating system on Apple devices. An unspecified security vulnerability in Apple OS X El Capitan NVIDIA Graphics Drivers allows attackers to exploit the vulnerability to execute arbitrary code with kernel privileges...
Apple OS X El Capitan Graphics Driver Buffer Overflow Vulnerability
Apple OS X El Capitan is an operating system on Apple devices. A security vulnerability in the graphics driver of Apple OS X El Capitan allows attackers to exploit the vulnerability to execute arbitrary code with kernel privileges...
Android Qualcomm MDP Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). Qualcomm MDP Driver is one of the Qualcomm MDP drivers. An elevation of privilege vulnerability exists in Android's Qualcomm MDP Driver, which can be exploited by a local attacker to execute...
Android NVIDIA Video Driver Elevation of Privilege Vulnerability (CNVD-2016-02832)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). NVIDIA Video Driver is one of the NVIDIA video card drivers. An elevation of privilege vulnerability exists in Android's NVIDIA Video Driver, which can be exploited by a local attacker to execute...
Android Qualcomm Buspm Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA). Qualcomm Buspm Driver is one of the Qualcomm Buspm drivers. An elevation of privilege vulnerability exists in Android's Qualcomm Buspm Driver, which can be exploited by a local attacker to execute arbitrary...
Android MediaTek Wi-Fi Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA). MediaTek Wi-Fi Driver is one of the MediaTek wireless card drivers. An elevation of privilege vulnerability exists in Android's MediaTek Wi-Fi Driver, which can be exploited by a local attacker to execute...
Android Qualcomm Power Management Component Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA), and Qualcomm Power Management is a power management component developed by Qualcomm. An elevation of privilege vulnerability exists in the Qualcomm Power Management component in Android...
Android Qualcomm Performance component elevation of privilege vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA), of which Qualcomm Performance is a Qualcomm performance component. An elevation of privilege vulnerability exists in the Qualcomm Performance component of Android. A local attacker could...
Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation
Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=678 The wireless driver for the Android One sprout devices has a bad copy_from_user in the handling for the wireless driver socket private read ioctl IOCTL_GET_STRUCT with subcommand...
Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation
Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=678 The wireless driver for the Android One sprout devices has a bad copy_from_user in the handling for the wireless driver socket private read ioctl IOCTL_GET_STRUCT with...
Apple Mac OSX / iOS - SUID Binary Logic Error Kernel Code Execution
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vm_map into the old task object leaving a short race window where we can manipula...
Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728 External Method 36 of IOUSBInterfaceUserClient is AbortStreamPipe. It takes two scalar inputs and uses the second one as an array index to read a pointer to a C++ object without checking the bounds then calls a virtual method...
Apple iOS Kernel Race Condition Vulnerability
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A race condition vulnerability exists in the Kernel implementation in versions prior to iOS 9.3, which can lead to the execution of arbitrary code with...
Apple Mac OSX / iOS - SUID Binary Logic Error Kernel Code Execution
Exploit for multiple platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vm_map into the old task...