CVE-2022-20231

In smcintcrequestfiq of armgic.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

PT-2022-14590 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel affected versions not specified Description: The issue is related to a missing bounds check in the sysmmu unmap function, which could lead to a possible out of bounds write. This might result in local escalation of privilege...

PT-2022-14456 · Unknown · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel versions affected versions not specified Description: The issue is related to a possible out of bounds write due to improper input validation in the smc intc request fiq function of arm gic.c. This could lead to local escalatio...

CVE-2021-0942

The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = pagetophyspsOSPageArrayData-pagearrayui32PageIndex;With the current PoC this crashes as an OOB read. However, given that the O...

CVE-2021-0942

The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = pagetophyspsOSPageArrayData-pagearrayui32PageIndex;With the current PoC this crashes as an OOB read. However, given that the O...

PT-2022-14625 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to the SEPolicy configuration of system apps, which allows access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data without...

The vulnerability of the kbase_mem_alias function (mali_kbase_mem_linux.c) in the Android operating system’s kernel allows a hacker to increase their privileges and execute arbitrary code.

The vulnerability of the kbasememalias function malikbasememlinux.c in the Android operating system kernel is related to insufficient input data validation. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...

Exploit for Classic Buffer Overflow in Qualcomm Apq8009_Firmware

Exploit code for CVE-2021-1961. Full write-up is available on m...

CVE-2021-0707

In dmabufrelease of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

OESA-2022-1872 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In v4l2m2mquerybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not...

Ubuntu 16.04 ESM : Linux kernel (AWS) vulnerabilities (USN-5580-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5580-1 advisory. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-...

The vulnerability of the hid-lg.c component in the Android operating system’s kernel allows a hacker to disclose protected information.

The vulnerability of the hid-lg.c component in the Android operating system’s kernel is caused by reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...

The vulnerability of the bpf_prog_test_run_skb function (test_run.c) in the Android operating system’s kernel allows a hacker to disclose sensitive information that should be protected.

The vulnerability of the bpfprogtestrunskb function testrun.c in the Android operating system stems from reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to disclose sensitive information that is protected by security measures...

PT-2022-1372 · Google +3 · Android Kernel +3

Name of the Vulnerable Software and Affected Versions: Android kernel versions affected versions not specified Description: The issue is related to a use after free vulnerability in the Android kernel's binder system, which can lead to local escalation of privilege without requiring additional...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2257)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable...

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-2273)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enabl...

OESA-2022-1838 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In rcucblistdequeue of rcusegcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not...

OESA-2022-1840 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel.CVE-2022-20368...

OESA-2022-1841 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel.CVE-2022-20368...

OESA-2022-1839 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel.CVE-2022-20368...