Security Bulletin: PowerSC is vulnerable to information disclosure, denial of service, and security restrictions bypass due to Curl

Summary Vulnerabilities in Curl could allow a local attacker to obtain sensitive information CVE-2024-7264 or a remote attacker to cause a denial of service CVE-2024-6197, CVE-2024-37371 or bypass security restrictions CVE-2024-37370. PowerSC uses Curl as part of PowerSC Trusted Network Connect...

Microsoft Azure Sphere Kernel pwm_ioctl_apply_state kfree() code execution vulnerability

Summary A code execution vulnerability exists in the kernel pwmioctlapplystate functionality of Microsoft Azure Sphere 21.01. A specially crafted ioctl can lead to arbitrary kfree. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Microsoft Azure Sphere 21.01 Product...

Intel IGC64.DLL shader functionality realloc code execution vulnerability

Summary An exploitable pointer corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can corrupt a pointer, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to trigger th...