kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation
A bug has been found in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel. A memory protection mechanism ensuring that user-provided buffers always point to userspace memory was disabled, allowing the destination address to be in kernel space...
CVE-2018-3598
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access...
CVE-2018-1091
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM)...
DEBIAN-CVE-2018-1091
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM)...
Apple macOS HighSierra 10.13 - ctl_ctloutput-leak Information Leak Exploit
Exploit for macOS platform in category local exploits. ctl_ctloutput-leak.c, Brandon Azad, CVE-2017-13868. While looking through the source code of XNU version 4570.1.46, I noticed that the function ctl_ctloutput in the file bsd/kern/kern_control.c does not check the return value of sooptcopyin, which...
macOS process_policy Stack Leak
macOS process_policy stack leak through uninitialized field, CVE-2017-7154. The syscall process_policy(scope=PROC_POLICY_SCOPE_PROCESS, action=PROC_POLICY_ACTION_GET, policy=PROC_POLICY_RESOURCE_USAGE, policy_subtype=PROC_POLICY_RUSAGE_CPU, attrp=, target_pid=0, target_threadid=) causes 4 bytes of uninitialized kerne...
macOS - 'process_policy' Stack Leak Through Uninitialized Field
The syscall process_policy(scope=PROC_POLICY_SCOPE_PROCESS, action=PROC_POLICY_ACTION_GET, policy=PROC_POLICY_RESOURCE_USAGE, policy_subtype=PROC_POLICY_RUSAGE_CPU, attrp=, target_pid=0, target_threadid=) causes 4 bytes of uninitialized kernel stack memory to be written to userspace. The call graph looks as...
Design/Logic Flaw
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers...
Buffer overflow
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist...
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
SUMMARY Symantec Network Protection products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities aka Meltdown and Spectre attacks. A remote attacker, with the ability to execute arbitrary code...
Apple macOS High Sierra 10.13 - 'ctl_ctloutput-leak' Information Leak
ctl_ctloutput-leak.c, Brandon Azad, CVE-2017-13868. While looking through the source code of XNU version 4570.1.46, I noticed that the function ctl_ctloutput in the file bsd/kern/kern_control.c does not check the return value of sooptcopyin, which makes it possible to leak the uninitialized contents ...
Design/Logic Flaw
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space...
Buffer overflow
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID in hdmi_tx_sysfs_wta_edid, if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs...
CVE-2017-11030
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the HDMI video driver function hdmi_edid_sysfs_rda_res_info, userspace can perform an arbitrary write into kernel memory...
Linux mincore() Kernel Heap Page Disclosure
Linux: mincore() discloses uninitialized kernel heap pages. I found the following bug with an AFL-based fuzzer: When walk_page_range is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore assumes that it will always get callbacks for all...
Linux - mincore() Uninitialized Kernel Heap Page Disclosure Exploit
Linux mincore() discloses uninitialized kernel heap pages. When walk_page_range is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore assumes that it will always get callbacks for all pages in the range passed to walk_page_range, and when...
Android Qualcomm Networking Subsystem Elevation of Privilege Vulnerability
Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handset Alliance (OHA). Qualcomm Networking: The Qualcomm Networking subsystem is a networking subsystem developed by Qualcomm Incorporated...