110 matches found
Command injection
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM co...
Race condition
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...
PT-2024-11825 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak issue has been resolved in the Linux kernel, specifically in the dpaa2-switch component. The issue occurred when an error happened in the dpaa2 switch acl entry add and...
PT-2022-7702 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the simultaneous execution of commands using a shared resource with incorrect synchronization in the Linux kernel's drm/vmwgfx component. This can lead to a cra...
UVI-2021-1001361 media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.199 by commit...
CVE-2017-14883
In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate...
NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission Vulnerability
Exploit for Windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012 DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments passed contains...
NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012 DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments passed contains vendor specific data from the user mode driver. The...
NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission
NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012 DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments...
Google Android TSP sysfs - cmd_store Multiple Overflows Vulnerability
Google Security Research Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=967 The TSP touchscreen controller driver exposes several sysfs entries through which the driver may be configured. One such entry, "cmd", allows the user to write commands to be executed by the driver...
DEBIAN-CVE-2016-6351
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involvi...
UBUNTU-CVE-2016-6351
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involvi...
Google Chrome - GPU Process MailboxManagerImpl Double-Read
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=780 Several functions in the GPU command buffer service interact with the GPU mailbox manager (gpu/command_buffer/service/mailbox_manager_impl.cc), passing a reference to shared memory as the mailbox argument. MailboxManagerImpl does no...
Google Chrome - GPU Process MailboxManagerImpl Double-Read
Google Chrome - GPU Process MailboxManagerImpl Double-Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=780 Several functions in the GPU command buffer service interact with the GPU mailbox manager (gpu/command_buffer/service/mailbox_manager_impl.cc), passing a reference to shared...
CVE-2016-4439
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code o...
UBUNTU-CVE-2015-1234
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands...
Ipswitch WS_FTP Server 3.4/4.0 FTP Command Buffer Overrun Vulnerabilities
No description provided by source. Source: http://www.securityfocus.com/bid/8542/info Ipswitch WS_FTP Server is reported to be prone to buffer overruns when handling data supplied to the APPE and STAT FTP commands. An FTP user who supplies excessive input to these commands could potentially execut...
MollenSoft Lightweight FTP Server 3.6 - Remote Denial of Service Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/10409/info A denial of service condition is reported to exist in the MollenSoft Lightweight FTP Server that may allow a remote user to deny service to legitimate FTP users. The vulnerability is due to a lack of sufficient...
CVE-2014-1710
The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a...
Command injection
The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a...