14 matches found
Exploit for Incorrect Calculation in Google Android
CVE-2020-0022 Many thanks to Insinuator for their amazing blo...
SUSE CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
DEBIAN-CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
AZL-39728 CVE-2024-31852 affecting package lldb for versions less than 18.1.2-2
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
AZL-39830 CVE-2024-31852 affecting package clang16 for versions less than 16.0.0-1
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
Exploit for Incorrect Calculation in Google Android
CVE-2020-0022 Many thanks to Insinuator for their amazing blo...
IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP
Exploit Title: IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP Date: 2020-05-20 Exploit Author: Austin Babcock Vendor Homepage: https://icofx.ro/ Software Link: https://drive.google.com/file/d/1SONzNStAW3pAPU5IUvsYS3z0jYymEZn/view?usp=sharing Version: 2.6.0.0 Tested on: Windows 7...
IcoFX 2.6 Buffer Overflow
Exploit Title: IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP Date: 2020-05-20 Exploit Author: Austin Babcock Vendor Homepage: https://icofx.ro/ Software Link: https://drive.google.com/file/d/1SONzNStAW3pAPU5IUvsYS3z0jYymEZn/view?usp=sharing Version: 2.6.0.0 Tested on: Windows 7...
IcoFX 2.6 - (.ico) Buffer Overflow SEH + DEP Bypass using JOP Exploit
Exploit Title: IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP Exploit Author: Austin Babcock Vendor Homepage: https://icofx.ro/ Software Link: https://drive.google.com/file/d/1SONzNStAW3pAPU5IUvsYS3z0jYymEZn/view?usp=sharing Version: 2.6.0.0 Tested on: Windows 7 Ultimate x64 CVE:...
Examining Pointer Authentication on the iPhone XS
Posted by Brandon Azad, Project Zero In this post I examine Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS, with a focus on how Apple has improved over the ARM standard. I then demonstrate a way to use an arbitrary kernel read/write primitive to forge kernel...
Google Android - cfp_ropp_new_key_reenc cfp_ropp_new_key RKP Memory Corruption
Google Android - cfproppnewkeyreenc cfproppnewkey RKP Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=979 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to...