
1297 matches found

Cvelist
added 2017/09/07 2:0 p.m., 17 views

CVE-2017-12911

The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file...

AI score: 5.5, EPSS: 0.00218
Exploits: 0, References: 3

RedhatCVE
added 2017/09/06 8:21 a.m., 23 views

CVE-2017-14156

The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes...

CVSS: 5.5, AI score: 3.5, EPSS: 0.00092
Exploits: 0, References: 1

OSV
added 2017/09/05 5:29 p.m., 1 views

DEBIAN-CVE-2017-14156

The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes...

CVSS: 5.5, AI score: 7.5, EPSS: 0.00092
Exploits: 0, References: 1

Debian CVE
added 2017/09/05 5:0 p.m., 36 views

CVE-2017-14156

The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00092
Exploits: 0

Tenable Nessus
added 2017/08/09 12:0 a.m., 64 views

Oracle Linux 7 : kernel (ELSA-2017-1842)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1842 advisory. - The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that chang...

CVSS: 7.8, AI score: 7.3, EPSS: 0.30423
Exploits: 8, References: 33

Tenable Nessus
added 2017/06/30 12:0 a.m., 35 views

openSUSE Security Update : openvpn (openSUSE-2017-730)

This update for openvpn fixes the following issues : - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a quite inefficient DoS attack on the server...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00539
Exploits: 0, References: 4

0day.today
added 2017/06/28 12:0 a.m., 36 views

Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure Exploit

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call accessible...

CVSS: 1.9, AI score: 7.6, EPSS: 0.15731
Exploits: 2

0day.today
added 2017/06/28 12:0 a.m., 35 views

Microsoft Windows - nt!NtQueryInformationResourceManager (information class 0) Kernel Stack Memory D

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1207 We have discovered that the nt!NtQueryInformationResourceManager system call called with the 0 information class discloses portions of uninitialized kernel stack memory to...

CVSS: 1.9, AI score: 6.4, EPSS: 0.08527
Exploits: 3

seebug.org
added 2017/06/27 12:0 a.m., 54 views

Windows Kernel stack memory disclosure in win32k!ClientPrinterThunk(CVE-2017-8475)

We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 (other platforms untested) indirectly through the win32k!NtGdiOpenDCW system call. The analysis shown below was performed on Windows 7 32-bit. The full stack trace...

CVSS: 1.9, AI score: 7.4, EPSS: 0.02617
Exploits: 11

seebug.org
added 2017/06/27 12:0 a.m., 31 views

Windows Kernel stack memory disclosure in nt!NtQueryInformationResourceManager(CVE-2017-8481)

We have discovered that the nt!NtQueryInformationResourceManager system call called with the 0 information class discloses portions of uninitialized kernel stack memory to user-mode clients, on Windows 7 to Windows 10. The specific name of the 0 information class or the layout of the correspondin...

CVSS: 1.9, AI score: 5.9, EPSS: 0.08527
Exploits: 3

seebug.org
added 2017/06/27 12:0 a.m., 41 views

Windows Kernel stack memory disclosure in win32k!NtGdiGetTextMetricsW(CVE-2017-8472)

We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 (other systems untested) through the win32k!NtGdiGetTextMetricsW system call. The output structure used by the syscall, according to various sources, is TMWINTERNA...

CVSS: 1.9, AI score: 5.5, EPSS: 0.15731
Exploits: 3

Mageia
added 2017/06/26 9:37 p.m., 48 views

Updated kernel-linus packages fixes critical security vulnerabilities

This kernel-linus update is based on upstream 4.4.74 and fixes at least the following security issues: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have...

CVSS: 7.8, AI score: 4.1, EPSS: 0.0309
Exploits: 10, References: 9

myhack58
added 2017/06/25 12:0 a.m., 40 views

Stack Clash vulnerabilities in Linux may be exploited by hackers to obtain local root privileges - bug warning - the black bar safety net

Last month, Qualys security researchers found a vulnerability called “Stack Clash” in a variety of Unix-based systems that could allow an attacker on a UNIX system to gain root privileges and take over the attacked computer. Currently security researchers discovered this flaw and are working with...

AI score: 0.5
Exploits: 0

exploitpack
added 2017/06/22 12:0 a.m., 23 views

Microsoft Windows - nt!NtQueryInformationProcess (ProcessVmCounters) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationProcess (ProcessVmCounters) Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1190&desc=2 We have discovered that the nt!NtQueryInformationProcess system call called with the ProcessVmCounters information clas...

AI score: 7.4
Exploits: 0

Exploit DB
added 2017/06/22 12:0 a.m., 44 views

Microsoft Windows - 'win32k!NtGdiMakeFontDir' Kernel Stack Memory Disclosure

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1191 We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The attached proof of concept code which is specific to Windows 7 32-bit works...

AI score: 7.4
Exploits: 0

Exploit DB
added 2017/06/22 12:0 a.m., 30 views

Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 12)' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1193 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the 12 information class discloses portions of uninitialized kernel...

AI score: 7.4
Exploits: 0

exploitpack
added 2017/06/22 12:0 a.m., 7 views

Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure

Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the...

AI score: 7.4
Exploits: 0

Exploit DB
added 2017/06/22 12:0 a.m., 22 views

Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call accessible via a documented GetObject API function to user-mo...

AI score: 7.4
Exploits: 0

Exploit DB
added 2017/06/22 12:0 a.m., 39 views

Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1179 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7-10 through the win32k!NtGdiGetOutlineTextMetricsInternalW system call. The system call...

AI score: 7.4
Exploits: 0

CNVD
added 2017/06/21 12:0 a.m., 1 views

OpenBSD 'qsort()' Function Denial of Service Vulnerability

OpenBSD is a BSD-based UNIX-like operating system. A security vulnerability in the OpenBSD 'qsort' function allows an attacker to exploit the vulnerability to submit a special request, consume stack memory resources, and conduct a denial of service attack...

CVSS: 6.5, AI score: 6.8, EPSS: 0.17024
Exploits: 3, References: 1