274 matches found
Design/Logic Flaw
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs...
UBUNTU-CVE-2016-5863
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses...
CVE-2016-5863
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses...
CVE-2016-5858
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs...
CVE-2016-5863
Technical details about CVE-2016-5863 are not provided in the supplied documents. Public references exist (NVD, Ubuntu, SUSE, Tenable, ENISA) but no vendor/product/version/patch info is included here. Monitor for updates.
Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/windowskernel' require 'rex' require 'metasm' class MetasploitModule 'Razer Synapse rzpnk.sys ZwOpenProcess', 'Description' = %q A...
Razer Synapse rzpnk.sys ZwOpenProcess Exploit
A vulnerability exists in the latest version of Razer Synapse v2.20.15.1104 as of the day of disclosure which can be leveraged locally by a malicious application to elevate its privileges to those of NT AUTHORITY\SYSTEM. This module requires Metasploit: http://metasploit.com/download Current source...
Razer Synapse rzpnk.sys ZwOpenProcess
A vulnerability exists in the latest version of Razer Synapse v2.20.15.1104 as of the day of disclosure which can be leveraged locally by a malicious application to elevate its privileges to those of NT AUTHORITY\SYSTEM. The vulnerability lies in a specific IOCTL handler in the rzpnk.sys driver th...
CVE-2017-7368
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver...
Race condition
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver...
CVE-2017-7368
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver...
CVE-2017-7368
CVE-2017-7368 affects Android releases from CAF that use the Linux kernel. The issue is a race condition in the ioctl handler of a sound driver, identified as the root cause in the description. The access vector is local, with user interaction required, and the impact is described as high for con...
macOS Kernel 10.12.3 (16D32) - audit_pipe_open Off-by-One Memory Corruption Exploit
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1126 MacOS kernel memory corruption due to off-by-one in audit_pipe_open. audit_pipe_open is the special file open handler for the auditpipe device (major number 10). Here's the code:...
Apple macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1126 MacOS kernel memory corruption due to off-by-one in audit_pipe_open. audit_pipe_open is the special file open handler for the auditpipe device (major number 10). Here's the code: static int audit_pipe_open(dev_t dev, __unused int flags,...
Android ssp_batch_ioctl Out-Of-Bounds Write Exploit
Android suffers from an out-of-bounds write in ssp_batch_ioctl. Android: OOB write in ssp_batch_ioctl. SensorHub exposes a character device under /dev/batchio which can be used in order to send instructions to batches of running sensors. The IOCTL handler from this device has the following high-level...
CVE-2016-4306
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2948-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2948-1 advisory. Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An...
Ubuntu: Security Advisory (USN-2930-3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...
PonyOS 0.4.99-mlp - Multiple Vulnerabilities
Advisory: PonyOS Security Issues John Cartwright Introduction ------------ Like countless others, I was pretty excited about PonyOS yesterday April 1st 2013 and decided to give it a go. After wasting a lot of time nyan'ing, I knew this was the future of desktop OSes. However, I wondered how secur...