Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog-jitedlen along with prog-jited syzbot reported an illegal copytouser attempt from bpfproggetinfobyfd. There has been no further reports of this bug yet, but I think that the commit 0aef499f3172 “mm/usercopy...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990456)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990456 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog-jitedlen along prog-jited syzbot reported an illegal copytouser attempt fr...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988746)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988746 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog-jitedlen along prog-jited syzbot reported an illegal copytouser attempt fr...

SUSE CVE-2022-49341

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog-jitedlen along prog-jited syzbot reported an illegal copytouser attempt from bpfproggetinfobyfd 1 There was no repro yet on this bug, but I think that commit 0aef499f3172 "mm/usercopy: Detect vmalloc...

DEBIAN-CVE-2022-49341

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog-jitedlen along prog-jited syzbot reported an illegal copytouser attempt from bpfproggetinfobyfd 1 There was no repro yet on this bug, but I think that commit 0aef499f3172 "mm/usercopy: Detect vmalloc...

CVE-2022-49341

The CVE-2022-49341 entry concerns the Linux kernel vulnerability where bpf, arm64 paths could reveal kernel memory via copy_to_user() in bpf_prog_get_info_by_fd() due to incorrect handling of prog->jited_len. The issue arises when prog->jited_len is set (e.g., to 43) but prog->bpf_func i...

CVE-2022-49341 bpf, arm64: Clear prog->jited_len along prog->jited

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog-jitedlen along prog-jited syzbot reported an illegal copytouser attempt from bpfproggetinfobyfd 1 There was no repro yet on this bug, but I think that commit 0aef499f3172 "mm/usercopy: Detect vmalloc...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from prog-jitedlen not being cleared with prog-jited, which could lead to illegal memory accesses...

Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access Exploit

/ Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...

Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion

NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code. In the PoC, it overwrites the pointer to property...

Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion

Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusio...

Microsoft Edge Chakra JIT - Magic Value Type Confusion Exploit

Exploit for windows platform in category dos / poc / BOOL JavascriptNativeFloatArray::SetItemuint32 index, double dValue if uint64&dValue == uint64&JavascriptNativeFloatArray::MissingItem JavascriptArray varArr = JavascriptNativeFloatArray::ToVarArraythis; varArr-DirectSetItemAtindex,...

Microsoft Edge Chakra JIT - Magic Value Type Confusion

Microsoft Edge Chakra JIT - Magic Value Type Confusion / BOOL JavascriptNativeFloatArray::SetItemuint32 index, double dValue if uint64&dValue == uint64&JavascriptNativeFloatArray::MissingItem JavascriptArray varArr = JavascriptNativeFloatArray::ToVarArraythis; varArr-DirectSetItemAtindex,...

Microsoft Edge Chakra JIT Incorrect Function Declaration Scope Exploit

Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: Incorrect function declaration scope CVE-2017-11870 In the following JavaScript code, both of the print calls must print out "undefined" because of "x" is a formal parameter. But the second print call prints out...

Safari 4.0.5 - parent.close() Memory Corruption exploit (ASLR and DEP bypass)

No description provided by source. Download: http://www.exploit-db.com/sploits/safariparentclosesintsov.zip Unzip and run START.htm This exploit use JIT-SPRAY for DEP and ASLR bypass. jit-shellcode: systemnotepad 0day.html - use 0x09090101 address for CALL JITed shellcode. START.htm - iff.htm -...

JITed exec notepad Shellcode

No description provided by source. Title: JITed exec notepad shellcode EDB-ID: CVE-ID: OSVDB-ID: Author: Alexey Sintsov Published: Verified: yes Download N/A // JIT.swf // // By Alexey Sintsov // [email protected] // [email protected] // // DSecRG - Digital Security Research Group dsecrg.com // //...

JITed egg-hunter stage-0 shellcode Adjusted universal for xp/vista/win7

No description provided by source. // JITed egg-hunter stage-0 shellcode // Permanent DEP bypass // // By Alexey Sintsov // [email protected] // [email protected] // // DSecRG - Digital Security Research Group dsecrg.com// // // TAG=3135330731353307 // its mean 0x07333531 twice! // // // This versi...

Apple Safari 4.0.5 - 'parent.close()' Memory Corruption (ASLR + DEP Bypass)

Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12614.zip safariparentclosesintsov.zip Unzip and run START.htm This exploit use JIT-SPRAY for DEP and ASLR bypass. jit-shellcode: system"notepad" 0day.html - use 0x09090101 address for CALL JITed shellcode...

JITed egg-hunter stage-0 shellcode Adjusted universal for xp/vista/win7

Exploit for win32 platform in category shellcode ======================================================================= JITed egg-hunter stage-0 shellcode Adjusted universal for xp/vista/win7 ======================================================================= // JITed egg-hunter stage-0...

JITed egg-hunter stage-0 shellcode

No description provided by source. // JITed egg-hunter stage-0 shellcode // Permanent DEP bypass // // By Alexey Sintsov // [email protected] // [email protected] // // DSecRG - Digital Security Research Group dsecrg.com// // // TAG=3135330731353307 // its mean 0x07333531 twice! // // // This versi...