144 matches found
CVE-2023-52499 powerpc/47x: Fix 47x syscall return crash
In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...
kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe
An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...
PT-2023-27032 · Undefined · Undefined
on to the next stage, the purpose of which was access to the iOS kernel. The kernel was manipulated using vulnerabilities CVE-2023-42434 and CVE-2023-39606. The operation of the first one opened read and write access to the entire physical memory of the device, the use of the...
PT-2023-28338 · Undefined · Undefined
on to the next stage, the purpose of which was access to the iOS kernel. The kernel was manipulated using vulnerabilities CVE-2023-42434 and CVE-2023-39606. The operation of the first one opened read and write access to the entire physical memory of the device, the use of the...
PT-2023-8471 · Imagination Technologies · Powervr Gpu Driver
Name of the Vulnerable Software and Affected Versions: PowerVR GPU driver affected versions not specified Description: The issue is related to a use after free in the PMR ReadBytes function of the PowerVR GPU driver, which could lead to arbitrary code execution. This might result in local...
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nftables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAP_NET_ADMIN capability could use this...
Apple macOS Ventura Resource Management Error Vulnerability
Apple macOS Ventura is a desktop operating system by Apple Inc. A resource management error vulnerability exists in Apple macOS Ventura version 13.4, which originates from an application that may be able to execute arbitrary code using kernel privileges...
CVE-2022-48367
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled...
CVE-2022-32844
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication...
PT-2023-1140 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in the Windows operating system kernel, allowing a remote attacker to potentially elevate their privileges. This could impact the system'...
CVE-2022-25746 Buffer Copy Without Checking Size of Input in Kernel
Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping...
Apple iOS Input Validation Error Vulnerability
Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in iOS prior to 15.6, iPadOS prior to 15.6, and macOS Monterey prior to 12.5, which stems from an integer overflow issue in input validation, and may allow an application to execute...
Memory corruption
Possible memory corruption in kernel while performing memory access due to the hypervisor not correctly invalidating the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...
CVE-2021-26391
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel...
PT-2022-9755 · Amd · Amd Radeon Rx 5000 Series & Pro W5000 Series +15
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient verification of multiple header signatures while loading a Trusted Application (TA), which may allow an attacker with...
CVE-2022-42803
A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges...
Apple watchOS Security Vulnerability
Apple watchOS is an operating system for smartwatches from the American company Apple. A security vulnerability exists in Apple watchOS version 9. An attacker exploiting this vulnerability could execute arbitrary code using kernel privileges...
Apple tvOS Security Vulnerability
Apple tvOS is an operating system for smart TVs from Apple. A security vulnerability exists in Apple tvOS prior to version 16, which originates from an application being able to execute arbitrary code with kernel privileges...
PT-2022-5365 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in the Windows operating system kernel, allowing an attacker to potentially elevate their privileges. This could impact the system's...
Apple iOS and Apple iPadOS Race Condition Vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. Apple iOS version 15.6 and iPadOS version 15.6 contain a race condition vulnerability that arises from an applicati...