5 matches found
MacOS kernel code execution due to lack of bounds checking in AppleIntelCapriController::GetLinkConfig(CVE-2017-13875)
AppleIntelCapriController::GetLinkConfig trusts a user-supplied value in the structure input which it uses to index a small table of pointers without bounds checking. The OOB-read pointer is passed to AppleIntelFramebuffer::validateDisplayMode which will read a pointer to a C++ object from that...
Apple macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig
Apple macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1375 AppleIntelCapriController::GetLinkConfig trusts a user-supplied value in the structure input which it uses to ind...
Apple macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1375 AppleIntelCapriController::GetLinkConfig trusts a user-supplied value in the structure input which it uses to index a small table of pointers without bounds checking. The OOB-read pointer is passed to...
Apple macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1071 Selector 0x921 of IntelFBClientControl ends up in AppleIntelCapriController::GetLinkConfig This method takes a structure input and output buffer. It reads an attacker controlled dword from the input buffer which it uses to...
MacOS kernel code execution due to lack of bounds checking in AppleIntelCapriController::GetLinkConfig (CVE-2017-2443)
Selector 0x921 of IntelFBClientControl ends up in AppleIntelCapriController::GetLinkConfig This method takes a structure input and output buffer. It reads an attacker controlled dword from the input buffer which it uses to index an array of pointers with no bounds checking: This pointer is passed...