CVE-2025-67246

A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresse...

Enable Kernel ASLR

Address-space layout randomization ASLR randomly arranges the positions of the stack, function libraries, and programs to slightly different positions each time. As a result, the correct positions cannot be guessed, and buffer overflow attacks fail. In the Linux kernel, ASLR is classified into...

New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel,...

USN-4007-1 linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerability

Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization ASLR in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. As a hardeni...

Linux Semi-Arbitrary Task Stack Read On ARM64 / x86 Exploit

Linux suffers from a semi-arbitrary task stack read on ARM64 and x86 via /proc/$pid/stack. Linux: semi-arbitrary task stack read on ARM64 and x86 via /proc/$pid/stack This issue probably had the most impact on ARM64 kernels before commit e01e80634ecd "fork: unconditionally clear stack on fork",...

Microsoft Windows - nt!NtQueryInformationProcess (ProcessImageFileName) Kernel 64-bit Pool/Stack Mem

Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryInformationProcess system call invoked with the ProcessImageFileName 0x1B information class discloses uninitialized kernel memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7...

Microsoft Windows - 'nt!NtQuerySystemInformation (SystemPageFileInformation(Ex))' Kernel 64-bit Stack Memory Disclosure

/ We have discovered that the nt!NtQuerySystemInformation system call invoked with the SystemPageFileInformation 0x12 and SystemPageFileInformationEx 0x90 information classes discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 t...

Microsoft Windows - 'nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation)' Kernel Pool Memory Disclosure

/ We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation 4 information class may disclose uninitialized kernel pool memory to user-mode clients. The vulnerability affects Windows 7 to 10, 32/64-bit. The output structu...

Microsoft Windows - 'nt!NtQueryVirtualMemory (MemoryImageInformation)' Kernel 64-bit Stack Memory Disclosure

/ We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryImageInformation 0x6 information class discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 8 to 10. The layout of the corresponding output...

Windows Kernel 64-bit stack memory disclosure in nt!KiDispatchException(CVE-2018-0897)

We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a EXCEPTIONRECORD structure to user-mode memory while passing execution to a user-mode exception handler. The vulnerability affects 64-bit versions of Windows 7 to 10. The leak was originally...

Windows Kernel 64-bit stack memory disclosure in win32k!PROXYPORT::SendRequest(CVE-2018-0814)

We have discovered that the win32k!PROXYPORT::SendRequest function sends ALPC messages with portions of uninitialized memory from the local stack frame on Windows 7 64-bit other versions were not tested. The message is 0x20 bytes long, 8 of which are uninitialized. The layout of the memory area i...

Windows Kernel 64-bit pool memory disclosure in win32k!UMPDOBJ::LockSurface(CVE-2018-0813)

We have discovered that the win32k!UMPDOBJ::LockSurface function discloses portions of uninitialized pool memory to user-mode clients. The bug was encountered on Windows 7 64-bit; other versions were not tested. The leak was detected in the context of the splwow64.exe process, under the following...

Microsoft Windows Kernel - nt!NtWaitForDebugEvent 64-bit Stack Memory Disclosure Exploit

Exploit for windows platform in category dos / poc / We have discovered that the nt!NtWaitForDebugEvent system call discloses portions of uninitialized kernel stack memory to user-mode clients, on 64-bit versions of Windows 7 to Windows 10. The output buffer, and the corresponding temporary...

Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit Pool Memory Disclosure

/ We have discovered that the nt!NtQueryVirtualMemory system call invoked with the 2 information class MemoryMappedFilenameInformation discloses portions of uninitialized kernel pool memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. The output buffer for...

Microsoft Windows Kernel - nt!NtWaitForDebugEvent 64-bit Stack Memory Disclosure

Microsoft Windows Kernel - nt!NtWaitForDebugEvent 64-bit Stack Memory Disclosure / We have discovered that the nt!NtWaitForDebugEvent system call discloses portions of uninitialized kernel stack memory to user-mode clients, on 64-bit versions of Windows 7 to Windows 10. The output buffer, and the...

Microsoft Windows Kernel - NtQueryInformationThread(ThreadBasicInformation) 64-bit Stack Memory Disc

Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryInformationThread system call invoked with the 0 information class ThreadBasicInformation discloses portions of uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit...

KB4074588: Windows 10 Version 1709 and Windows Server Version 1709 February 2018 Security Update

The remote Windows host is missing security update 4074588. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a...

Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues)' Kernel Stack Memory Disclosure

/ We have discovered that the nt!NtQueryInformationProcess system call invoked with the 76 information class discloses portions of uninitialized kernel stack memory to user-mode clients. The specific information class is handled by an internal nt!PsQueryProcessEnergyValues function. While we don'...

Microsoft Windows - 'nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformation)' Kernel Pool Memory Disclosure

/ We have discovered that the nt!NtQuerySystemInformation system call invoked with the 138 information class discloses portions of uninitialized kernel pool memory to user-mode clients. The specific information class is handled by an internal nt!ExpQueryMemoryTopologyInformation function. While w...

Microsoft Windows - nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformati

Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQuerySystemInformation system call invoked with the 138 information class discloses portions of uninitialized kernel pool memory to user-mode clients. The specific information class is handled by an internal...