DEBIAN-CVE-2023-42752

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating skbsharedinfo in the userspace, which is exploitable in systems without SMAP protection since skbsharedinfo contains references to function pointers...

UBUNTU-CVE-2023-42752

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating skbsharedinfo in the userspace, which is exploitable in systems without SMAP protection since skbsharedinfo contains references to function pointers...

Integer overflow

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating skbsharedinfo in the userspace, which is exploitable in systems without SMAP protection since skbsharedinfo contains references to function pointers...

CVE-2023-42752

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating skbsharedinfo in the userspace, which is exploitable in systems without SMAP protection since skbsharedinfo contains references to function pointers...

SUSE CVE-2017-16837

Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...

UBUNTU-CVE-2022-25258

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests ones with a large array index and ones associated with NULL function pointer retrieval. Memory corruption might occur...

Wrong type for `Linker`-define functions when used across two `Engine`s

Impact As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of...

Type confusion

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...

Heap-based Buffer Overflow in vim/vim

✍️ Description While testing vim built from commit ddfc051 with Ubuntu clang version 12.0.0-3ubuntu120.04.3 and Address Sanitizer, we discovered crafted input which triggers a heap-buffer-overflow, READ of size 1. 🕵️‍♂️ Proof of Concept 1. git clone https://github.com/vim/vim LD=lld AS=llvm-as...

Heap-based Buffer Overflow in vim/vim

✍️ Description Hello, we hope this message finds you well during these challenging times. Whilst testing vim built from commit deba5e with Ubuntu clang version 12.0.0-3ubuntu120.04.3 and Address Sanitizer, we discovered crafted input which triggers a heap-buffer-overflow, WRITE of size 15. Please...

Denial of Service Vulnerability in Proficy Machine Edition fxVersaPro

General Electric GE companies are multinational corporations that provide technology and service businesses. A denial of service vulnerability exists in Proficy Machine Edition fxVersaPro, which can be exploited by an attacker to cause a null pointer dereference to occur when indexing function...

Huawei EulerOS: Security Advisory for tboot (EulerOS-SA-2021-1855)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-8508

nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled...

CVE-2020-8508

nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled...

Code injection

nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled...

Google Adds Control-Flow Integrity to Beef up Android Kernel Security

Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities. In code reuse attacks, attackers exploit memory corruptio...

Memory Corruption Vulnerability in TAS AP-PCLINK setup V1.5

The AP series is a new generation of programmable controllers PLCs newly developed by TSMC. A memory corruption vulnerability exists in AP-PCLINK setup V1.5 of TAS. The vulnerability is caused due to AP-PCLINK failing to validate the availability of a pointer to a function when reading a malforme...

Internet Bug Bounty: Exim use-after-free vulnerability while reading mail header involving BDAT commands

Original article is here Use-after-free in receivemsg leads to RCE Vulnerability Analysis To explain this bug, we need to start with the memory management of exim. There is a series of functions starts with store such as storeget, storerelease, storereset. These functions are used to manage...

Trusted Boot Arbitrary Code Execution Vulnerability

Trusted Boot tboot is an open source pre-kernel/vmm module that supports booting OS kernels/VMMs after measurement and determination utilizing Intel TXT technology. An arbitrary code execution vulnerability exists in Boot 1.9.6 and earlier versions, which stems from a program's failure to validat...

CVE-2017-16837

Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...