951 matches found
Microsoft Windows and Macrovision SafeDisc secdrv.sys driver memory misreference vulnerability
Microsoft Windows Vista, etc. are a series of operating systems released by Microsoft Corporation, U.S.A. Macrovision SafeDisc is a suite of copy protection programs for Windows applications and games distributed on CD-ROMs, from Macrovision of the U.S.A. secdrv.sys is one of the drivers used by...
Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC)
function stage4 function mallocsz var backing = new Uint8Array1000+sz; window.nogc.pushbacking; var ptr = p.read8p.leakvalbacking.add320x10; ptr.backing = backing; return ptr; function malloc32sz var backing = new Uint8Array0x1000+sz4; window.nogc.pushbacking; var ptr =...
CVE-2018-7273
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel...
CVE-2017-9689
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a specially-crafted HDMI CEC message can be used to cause stack memory corruption...
macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkCo
Exploit for macOS platform in category dos / poc...
Apple macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1375 AppleIntelCapriController::GetLinkConfig trusts a user-supplied value in the structure input which it uses to index a small table of pointers without bounds checking. The OOB-read pointer is passed to...
Linux Kernel DCCP Socket Use-After-Free
/ This is an announcement for CVE-2017-8824 which is a use-after-free vulnerability I found in Linux DCCP socket. It can be used to gain kernel code execution from unprivileged processes. You'll find in attachment the proof of concept code and the kernel panic log. BUG DETAILS When a socket sock...
Linux Kernel - DCCP Socket Use-After-Free Exploit
Exploit for linux platform in category dos / poc / This is an announcement for CVE-2017-8824 which is a use-after-free vulnerability I found in Linux DCCP socket. It can be used to gain kernel code execution from unprivileged processes. You’ll find in attachment the proof of concept code and the...
Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
Posted by Gal Beniamini, Project Zero In this blog post we’ll complete our goal of achieving remote kernel code execution on the iPhone 7, by means of Wi-Fi communication alone. After developing a Wi-Fi firmware exploit in the previous blog post, we are left with the task of using our newly...
CVE-2017-14344
The CVE-2017-14344 entry affects Jungo WinDriver's windrvr1240 kernel driver (likely
kernel: stack buffer overflow in the native Bluetooth stack
A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y), which is enabled on all architectures other tha...
Multiple Apple Products IOUSBFamily Memory Corruption Vulnerability
Apple macOS Sierra, iOS, tvOS, and watchOS are products of Apple Inc. Apple macOS Sierra is a specialized operating system developed for Mac computers. iOS is an operating system developed for mobile devices. tvOS is a smart TV operating system. watchOS is a smart watch operating system; watchOS ...
CVE-2017-6249
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A...
Microsoft Windows Graphics elevation of privilege vulnerability (CNVD-2017-16000)
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Graphics is one of the graphics driver components. An elevation of privilege vulnerability exists in Graphics in Microsoft Windows, which stems from a failure of the Graphics component to properly...
Microsoft Windows Graphics Component Elevation of Privilege Vulnerability (CNVD-2017-18941)
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Graphics is one of the graphics driver components. An elevation of privilege vulnerability exists in Graphics in Microsoft Windows, which stems from a failure of the Graphics component to properly...
Microsoft Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Graphics is one of the graphics driver components. An elevation of privilege vulnerability exists in Graphics in Microsoft Windows, which stems from the Graphics component failing to properly handle objec...
Google Android Qualcomm component has multiple vulnerabilities
Android is a free and open-source Linux-based operating system used primarily on mobile devices. Multiple vulnerabilities exist in the Google Android Qualcomm component. An attacker can exploit the vulnerabilities to obtain sensitive information and execute arbitrary code with elevated privileges...
Multiple vulnerabilities in Google Android Qualcomm components (CNVD-2017-14376)
Android is a free and open-source Linux-based operating system used primarily on mobile devices. Multiple vulnerabilities exist in the Google Android Qualcomm component. An attacker can exploit the vulnerabilities to obtain sensitive information and execute arbitrary code with elevated privileges...