14 matches found
kernel: i915: Incorrect GPU TLB flush can lead to random memory access
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system...
kernel: possible privileges escalation due to missing TLB flush
A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system...
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory external methods. The intel graphics drivers have their own hash table type...
MacOS Insecure Swap File Vulnerability
It turns out that even with SIP enabled a regular root user can write to the swapfile under /private/var/vm/swapfile0 on MacOS. MacOS uses an insecure swap file CVE-2017-2494 This came out of a discussion with Jann Horn this afternoon; credit is his. It turns out that even with SIP enabled a...
Apple Mac OSX - Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=708 The external methods IGAccelGLContext::unmapusermemory and IGAccelCLContext::unmapusermemory take an 8 byte struct input which is a user-space pointer previously passed to the...
Apple Mac OSX Kernel - Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=708 The external methods IGAccelGLContext::unmapusermemory and IGAccelCLContext::unmapusermemory take an 8 byte struct input which is a user-space pointer previously passed to the equivalent mapusermemory method. The Context...
Apple Mac OSX Kernel - Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver
Apple Mac OSX Kernel - Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=708 The external methods IGAccelGLContext::unmapusermemory and IGAccelCLContext::unmapusermemory take an 8 byte struct input whi...
Google Chrome Multiple Vulnerabilities-01 Dec2012 (Mac OS X)
This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln01dec12macosx.nasl 6018 2017-04-24 09:02:24Z teissa $ Google Chrome Multiple Vulnerabilities-01 Dec2012 Mac OS X Authors: Antu Sanadi Copyright: Copyright c 20...
CVE-2012-5131
Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
CVE-2012-5131
Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
Input validation
Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
CVE-2012-5131
Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
CVE-2012-5131
Removed by vendor...
CVE-2012-5131
CVE-2012-5131 affects Google Chrome/Chromium on Mac OS X via improper rendering in the Intel GPU driver, with potential denial of service and unspecified impact. Public documents corroborate that this family of CVEs was addressed in Chromium updates around late 2012 (e.g., openSUSE SU-2012:1637-1...