Android Qualcomm Buspm Driver Privilege Vulnerability

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA.Qualcomm Buspm Driver is one of the Qualcomm Buspm drivers. A boost vulnerability exists in Android's Qualcomm Buspm Driver, which can be exploited by a local attacker to execute arbitrary...

Android Qualcomm MDP Driver Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA.Qualcomm MDP Driver is one of the Qualcomm MDP drivers. A power lifting vulnerability exists in Android's Qualcomm MDP Driver, which can be exploited by a local attacker to execute...

Android NVIDIA Video Driver Mobilization Vulnerability (CNVD-2016-02832)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA.NVIDIA Video Driver is one of the NVIDIA video card drivers. A boost vulnerability exists in Android's NVIDIA Video Driver, which can be exploited by a local attacker to execute...

Android MediaTek Wi-Fi Driver Privilege Mobilization Vulnerability

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA.MediaTek Wi-Fi Driver is one of the MediaTek wireless card drivers. A boost vulnerability exists in Android's MediaTek Wi-Fi Driver, which can be exploited by a local attacker to execute...

Android Qualcomm Power Management Component Power Elevation Vulnerability

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and Qualcomm Power Management is a power management component developed by Qualcomm. An elevation of privilege vulnerability exists in the Qualcomm Power Management component in Android...

Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=678 The wireless driver for the Android One sprout devices has a bad copyfromuser in the handling for the wireless driver socket private read ioctl IOCTLGETSTRUCT with subcommand...

Apple Mac OSX / iOS - SUID Binary Logic Error Kernel Code Execution

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vmmap into the old task object leaving a short race window where we can manipula...

Apple Mac OSX / iOS - SUID Binary Logic Error Kernel Code Execution

Exploit for multiple platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vmmap into the old task...

Apple iOS Kernel Competitive Conditions Vulnerability

iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A competitive condition vulnerability exists in the Kernel implementation in versions prior to iOS 9.3, which can lead to the execution of arbitrary code with...

Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728 External Method 36 of IOUSBInterfaceUserClient is AbortStreamPipe. It takes two scalar inputs and uses the second one as an array index to read a pointer to a C++ object without checking the bounds then calls a virtual method...

Apple Mac OSX iOS - SUID Binary Logic Error Kernel Code Execution

Apple Mac OSX iOS - SUID Binary Logic Error Kernel Code Execution Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vmmap into the...

Apple Mac OSX - Kernel Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728 External Method 36 of IOUSBInterfaceUserClient is AbortStreamPipe. It takes two scalar inputs and uses the second one as an array index to read a pointer to a C++ object withou...

Google Nexus Qualcomm Performance Component Mobilization Vulnerability

Google Nexus is a series of smart devices based on the Android operating system, including a cell phone and tablet. The smart device is manufactured by Google by providing technology and authorizing partner hardware manufacturers, Qualcomm performance is one of the Qualcomm performance components...

Apple Mac OSX - 'IOBluetoothHCIUserClient' Arbitrary Kernel Code Execution

/ Source: https://code.google.com/p/google-security-research/issues/detail?id=569 IOBluetoothHCIUserClient uses an IOCommandGate to dispatch external methods; it passes a pointer to the structInput of the external method as arg0 and ::SimpleDispatchWL as the Action. It neither passes nor checks t...

Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution

Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=569 IOBluetoothHCIUserClient uses an IOCommandGate to dispatch external methods; it passes a pointer to the structInput of the external method as arg0 and...

Apple Mac OSX / iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overfl

Exploit for multiple platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=543 NKE control sockets are documented here: https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/NKEConceptual/control/control.html By default ther...

Apple Mac OSX iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow

Apple Mac OSX iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow / Source: https://code.google.com/p/google-security-research/issues/detail?id=543 NKE control sockets are documented here:...

Apple Mac OSX / iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow

/ Source: https://code.google.com/p/google-security-research/issues/detail?id=543 NKE control sockets are documented here: https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/NKEConceptual/control/control.html By default there are actually a bunch of these providers; they are...

Apple OS X Disk Image Memory Corruption Vulnerability

Apple OS X is an operating system developed by Apple Inc. Apple OS X suffers from a memory corruption vulnerability in the handling of disk image files, which allows attackers to exploit the vulnerability to construct malicious files that can be induced to be parsed by an application, which can b...

Microsoft Windows Core Memory Privilege Elevation Vulnerability (CNVD-2015-08020)

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the Microsoft Windows kernel that arises from a program's failure to properly handle objects in memory. An attacker could exploit the vulnerability to r...