CVE-2025-38408 genirq/irq_sim: Initialize work context pointers properly

In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Initialize work context pointers properly Initialize ops member's pointers properly by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise the pointers contain random content...

kernel: NULL pointer dereference due to missing kalloc() return value check in shtp_cl_get_dma_send_buf()

A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub ISH driver. This issue could allow a local user to crash the system...

Exploit for Improper Initialization in Apple Ipados

This is a PoC exploit for CVE-2020-27950, a vulnerability in the macOS kernel that allows for a port pointer leak. The exploit targets the macOS kernel and leverages a vulnerability in the kalloc.1024 buffer to allocate a controlled buffer with a magic value. The exploit then creates an ipckmsg...

Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proclistuptrs has the following comment in it's userspace header: / Enumerate potential userspace pointers embedded in kernel data structures. Currently inspects kqueues only. NOTE: returned "pointers"...

Apple OS XiOS - mach_ports_register Multiple Memory Safety s

Apple OS XiOS - machportsregister Multiple Memory Safety s Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=882 machportsregister is a kernel task port MIG method. It's defined in MIG like this: routine machportsregister targettask : taskt; initportset : machportarrayt = ^array o...

Apple Mac OSX - IOHDIXControllerUserClient::convertClient Buffer Integer Overflow

Apple Mac OSX - IOHDIXControllerUserClient::convertClient Buffer Integer Overflow / Source: https://code.google.com/p/google-security-research/issues/detail?id=511 Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x100 byte structure input from which it reads a userspac...

Apple Mac OSX - 'IOHDIXControllerUserClient::convertClient' Buffer Integer Overflow

/ Source: https://code.google.com/p/google-security-research/issues/detail?id=511 Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x100 byte structure input from which it reads a userspace pointer and a size which it passes to IOHDIXController::convertClientBuffer. Thi...

Apple Mac OSX - IOHDIXControllerUserClient::convertClientBuffer Integer Overflow

Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=511 Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x100 byte structure input from which it reads a userspace pointer and a size which it...