17 matches found
sliff-driv-exploit
SliffDriver LPE Local privilege escalation exploit for a sign...
CVE-2025-27535
Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable...
Intel Ethernet Connection E825-C security vulnerability
The Intel Ethernet Connection E825-C is a series of network controllers developed by the American company Intel. Versions of Intel Ethernet Connection E825-C prior to NVM ver. 3.84 contain security vulnerabilities. These vulnerabilities stem from insufficient ioctl access control, which may lead ...
CVE-2020-10234
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function:...
UBUNTU-CVE-2023-53172
In the Linux kernel, the following vulnerability has been resolved: fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds Commit 56124d6c87fd "fsverity: support enabling with tree block size f_mode & FMODE_READ' in __kernel_read() became reachable by fuzz tests. This happens if FS_IOC_ENABLE_VERITY is called on...
CVE-2023-35841
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware. This issue affects WinFlash Driver: before 4.5.0.0...
PT-2025-17544 · Unknown · Rollback Rx Professional
Name of the Vulnerable Software and Affected Versions: Rollback Rx Professional version 12.8.0.0 Description: The issue allows local users to cause a denial of service due to a null pointer dereference from IOCtl 0x96202000 in the driver file shieldm.sys. Recommendations: For Rollback Rx...
SUSE CVE-2020-27786
A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change...
PHOENIX CONTACT TdkLib64.sys security vulnerability
PHOENIX CONTACT TdkLib64.sys is a core application from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT TdkLib64.sys, which stems from insufficient IOCTL access control in TdkLib64.sys, whereby sending a specific IOCTL request, an attacker withou...
The vulnerabilities of the GPCIDrv and GDrv drivers allow attackers to execute arbitrary code. These drivers are used by the Gigabyte Aorus Engine video card configuration program, the GIGABYTE App Center for application management, and the Extreme Gaming Engine for video card status monitoring.
The vulnerability of the GPCIDrv and GDrv drivers is related to the open IOCTL mechanism, which lacks sufficient access control. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
DEBIAN-CVE-2020-27786
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change...
kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
A stack buffer overflow issue was found in the get_raw_socket() routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ioctl(VHOST_NET_SET_BACKEND) call, and retrieving socket name in a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) cal...
hw: Intel GPU Denial Of Service while accessing MMIO in lower power state
A flaw was found in Intel graphics hardware GPU where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected display...
The vulnerability of the Sn5CrPack and Sn5Crypto cryptographic containers in the Secret Net Studio information protection system, which allows a hacker to trigger a service failure.
The vulnerability of the Sn5CrPack and Sn5Crypto crypto containers in the Secret Net Studio information protection system lies in the ability to directly access the driver without going through the Sn5CryptoApi.dll library, by sending an IOCTL request. Exploiting this vulnerability can allow a...
UBUNTU-CVE-2016-3713
The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call...
kernel: unfiltered netdev rio_ioctl access by users
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call...
PT-2012-3944 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.3.7 Description: The issue allows local users to write data to an Ethernet adapter via an ioctl call due to the rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c not restricting access to the SIOCSMIIREG...