CVE-2019-2261

CVE-2019-2261 describes information disclosure caused by unauthorized access from the GPU subsystem to HLOS/non-secure memory. The vulnerability affects Qualcomm devices across multiple Snapdragon families (e.g., IPQ8074, MDM9xxx, MSM8xxx, SD-series including SD625/SD820/SD835/SD845/SD850, SDM43x...

CVE-2018-17479

Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2018-17479

Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Design/Logic Flaw

Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2018-17479

Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2018-17479

Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2018-17479

CVE-2018-17479 is a Chrome GPU use-after-free vulnerability caused by incorrect object lifetime handling in GPU code, potentially leading to heap corruption. It affects Google Chrome prior to 70.0.3538.110. Public references describe an in-the-wild risk and indicate remediation via updating to ve...

CVE-2018-17479

Removed by vendor...

NVIDIA Windows GPU Display Driver Multiple Vulnerabilities (May 2019)

The NVIDIA GPU display driver software on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - An unspecified vulnerability exists in the kernel mode layer nvvlddmkm.sys handler for DxgkDdiEscape due to improper synchronization of shared...

CVE-2019-12881

i915gemuserptrgetpages in drivers/gpu/drm/i915/i915gemuserptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service NULL pointer dereference and BUG or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0...

Hidden Bee: Let’s go down the rabbit hole

Some time ago, we discussed the interesting malware, Hidden Bee. It is a Chinese miner, composed of userland components, as well as of a bootkit part. One of its unique features is a custom format used for some of the high-level elements this format was featured in my recent presentation at SAS...

Nvidia Fixes High-Severity Flaws in GeForce Experience for Gamers

Nvidia, which makes gaming-friendly graphics processing units GPUs, has patched two high-severity flaws in its GeForce Experience software, which could allow denial of service, information disclosure and privilege escalation on impacted systems. GeForce Experience is software for gamers utilizing...

EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1522)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - drivers/gpu/msm/kgsl.c in the MSM graphics driver aka GPU driver for the Linux kernel 3.x, as used in Qualcomm...

CVE-2019-5676

NVIDIA Windows GPU Display driver software for Windows all versions contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature also known as a binary planting or DLL preloading attack, leading to escalation of privileges through code...

CVE-2019-5675

NVIDIA Windows GPU Display driver software for Windows all versions contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior a...

Design/Logic Flaw

NVIDIA Windows GPU Display driver software for Windows all versions contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature also known as a binary planting or DLL preloading attack, leading to escalation of privileges through code...

Information disclosure

NVIDIA Windows GPU Display driver software for Windows all versions contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior a...

Buffer overflow

NVIDIA Windows GPU Display driver software for Windows all versions contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after th...

CVE-2019-5677

NVIDIA Windows GPU Display driver software for Windows all versions contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after th...

CVE-2019-5677

CVE-2019-5677 affects the NVIDIA Windows GPU Display Driver (kernel mode nvlddmkm.sys) with a memory-bounds read issue in the DeviceIoControl handler that can lead to denial of service. Public documents consistently describe the issue as local, and that exploitation causes application/system cras...