PlayStation: SOCK_RAW sockets reachable from Webkit process allows triggering double free in IP6_EXTHDR_CHECK

Summary Memory corruption can be achieved by sending fragmented IPv6 packets to loopback interface due to poor and inconsistent use of IP6EXTHDRCHECK. The macro IP6EXTHDRCHECK can free the mbuf if the packet is sent to loopback interface. This fact is not considered in dest6input, frag6input and...

Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC)

/ FreeBSD 12.0-RELEASE x64 Kernel Exploit Usage: $ clang -o exploit exploit.c -lpthread $ ./exploit / include include include include include include include include define KERNEL include undef KERNEL define WANTFILE include include include include include define WANTSOCKET include include define...

FreeBSD 9 Address Space Manipulation 权限提升漏洞

No description provided by source...