782 matches found
Android Qualcomm USB Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA), and Qualcomm USB Driver is a USB driver component developed by Qualcomm. The Qualcomm USB Driver in Android is vulnerable to an elevation of privilege vulnerability. The vulnerability can b...
Android Qualcomm camera driver elevation of privilege vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA), and Qualcomm Camera Driver is a camera driver developed by Qualcomm. An elevation of privilege vulnerability exists in the Qualcomm Camera Driver for Android. A local attacker cou...
Android Qualcomm Sound Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA), and the Qualcomm Sound Driver is a Qualcomm-developed sound driver used in it. An elevation of privilege vulnerability exists in the Qualcomm Sound Driver for Android. An attacker can exploit this...
Android Qualcomm Sound Driver Elevation of Privilege Vulnerability (CNVD-2016-03855)
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA), and the Qualcomm Sound Driver is a Qualcomm-developed sound driver used in it. An elevation of privilege vulnerability exists in the Qualcomm Sound Driver for Android. An attacker can...
Apple OS X El Capitan NVIDIA Graphics Drivers Arbitrary Code Execution Vulnerability
Apple OS X El Capitan is an operating system on Apple devices. An unspecified security vulnerability in Apple OS X El Capitan NVIDIA Graphics Drivers allows attackers to exploit the vulnerability to execute arbitrary code with kernel privileges...
Apple OS X El Capitan Graphics Driver Buffer Overflow Vulnerability
Apple OS X El Capitan is an operating system on Apple devices. A security vulnerability in the graphics driver of Apple OS X El Capitan allows attackers to exploit the vulnerability to execute arbitrary code with kernel privileges...
Android Qualcomm MDP Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). Qualcomm MDP Driver is one of the Qualcomm MDP drivers. An elevation of privilege vulnerability exists in Android's Qualcomm MDP Driver, which can be exploited by a local attacker to execute...
Android NVIDIA Video Driver Elevation of Privilege Vulnerability (CNVD-2016-02832)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). NVIDIA Video Driver is one of the NVIDIA video card drivers. An elevation of privilege vulnerability exists in Android's NVIDIA Video Driver, which can be exploited by a local attacker to execute...
Android Qualcomm Buspm Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA). Qualcomm Buspm Driver is one of the Qualcomm Buspm drivers. An elevation of privilege vulnerability exists in Android's Qualcomm Buspm Driver, which can be exploited by a local attacker to execute arbitrary...
Android MediaTek Wi-Fi Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA). MediaTek Wi-Fi Driver is one of the MediaTek wireless card drivers. An elevation of privilege vulnerability exists in Android's MediaTek Wi-Fi Driver, which can be exploited by a local attacker to execute...
Android Qualcomm Power Management Component Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA), and Qualcomm Power Management is a power management component developed by Qualcomm. An elevation of privilege vulnerability exists in the Qualcomm Power Management component in Android...
Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation
Exploit for Android platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=678 The wireless driver for the Android One sprout devices has a bad copy_from_user in the handling for the wireless driver socket private read ioctl IOCTL_GET_STRUCT with subcommand...
Apple Mac OSX / iOS - SUID Binary Logic Error Kernel Code Execution
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vmmap into the old task object leaving a short race window where we can manipula...
Apple iOS Kernel Race Condition Vulnerability
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A race condition vulnerability exists in the kernel implementation in versions prior to iOS 9.3, which can lead to the execution of arbitrary code with...
Apple Mac OSX / iOS - SUID Binary Logic Error Kernel Code Execution
Exploit for multiple platforms in category local exploits. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vmmap into the old task...
Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728 External Method 36 of IOUSBInterfaceUserClient is AbortStreamPipe. It takes two scalar inputs and uses the second one as an array index to read a pointer to a C++ object without checking the bounds then calls a virtual method...
Apple Mac OSX - Kernel Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort
Exploit for macOS platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728 External Method 36 of IOUSBInterfaceUserClient is AbortStreamPipe. It takes two scalar inputs and uses the second one as an array index to read a pointer to a C++ object withou...
Apple Mac OSX iOS - SUID Binary Logic Error Kernel Code Execution
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vmmap into the...
Google Nexus Qualcomm Performance Component Elevation of Privilege Vulnerability
Google Nexus is a series of smart devices based on the Android operating system, including a cell phone and tablet. The devices are manufactured by partner hardware manufacturers, with Google providing the technology and authorization. Qualcomm performance is one of the Qualcomm performance components...
Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution
Exploit for macOS platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=569 IOBluetoothHCIUserClient uses an IOCommandGate to dispatch external methods; it passes a pointer to the structInput of the external method as arg0 and...