The vulnerability of Apple M1 chip architecture allows a hacker to gain access to the OS’s kernel and gain full control over the vulnerable device.
The vulnerability of the Apple M1 chip architecture is related to information disclosure through side channels. Exploiting this vulnerability can allow a hacker to gain access to the OS’s kernel and gain full control over the vulnerable device...
ToaruOS Security Vulnerability
ToaruOS is an open source computer operating system written in the C language. A security vulnerability exists in ToaruOS version 1.99.2 that stems from incorrect kernel access control...
PT-2022-10535 · Toaruos · Toaruos
Name of the Vulnerable Software and Affected Versions: ToaruOS version 1.99.2 Description: The issue is related to incorrect access control via the kernel, specifically due to improper MMU management and a low GDT address that allows it to be mapped in userland. This can be exploited by writing a...
CVE-2022-22591
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges...
CVE-2021-33627
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOC...
PlayStation: Use-after-free in setsockopt IPV6_2292PKTOPTIONS (CVE-2020-7457)
The PS5 is vulnerable to https://hackerone.com/reports/826026 which easily grants kernel access to an attacker. This vulnerability had been reported by me for the PS4 2 years ago when the PS5 did not yet exist, thus this should be considered as a new report and not a duplicate. I was able to use...
CVE-2021-26334
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user...
CVE-2021-1867
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges...
CVE-2021-22326
A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A vulnerability exists in the debug function code in the selinux module of some Huawei products that allows the user state to have the abili...
CVE-2021-34387
The ARM TrustZone Technology on which Trusty is based contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android, which originates from the fact that while waiting for a response to a callback or listener request, a non-secure client can change the privileges ...
Zephyr Buffer Error Vulnerability
Zephyr is a small real-time operating system for interconnected, resource-constrained embedded devices. A memory corruption vulnerability exists in Zephyr versions 1.14.2, 2.3.0. A local attacker can exploit this vulnerability by sending a malformed SPI response that corrupts kernel memory in the...
Race condition
Arbitrary read and write to kernel addresses by temporarily overwriting a ring buffer pointer and creating a race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.
...
CVE-2020-15265
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and th...
CVE-2020-17399
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Parallels Desktop Information Disclosure Vulnerability
Parallels Desktop is virtual machine software that runs on Mac computers. An information disclosure vulnerability exists in the prl_hypervisor kext in versions prior to Parallels Desktop 16.0.0 48916. The vulnerability can be exploited to obtain a memory address via a log file, which can be used in...
CVE-2020-10024
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 a...
New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave
Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel,...