296 matches found
CVE-2018-6919
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts...
FreeBSD-SA-18:04.vt
FreeBSD-SA-18:04.vt Security Advisory The FreeBSD Project Topic: vt console memory disclosure Category: core Module: vt console Announced: 2018-04-04 Credits: Dr Silvio...
FreeBSD -- vt console memory disclosure
Problem Description: Insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Characters that reference this data can be displayed on the screen, effectively disclosing kernel memory. Impact:...
CVE-2017-17319
Huawei P9 smartphones with versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resources which can be accessed by multiple threads. An attacker tricks the user who has root privilege to install a crafted application,...
Huawei P9 Information Disclosure Vulnerability
Huawei P9 is a smartphone from the Chinese company Huawei. The Huawei P9 suffers from an information disclosure vulnerability where the system fails to reasonably protect a resource when it is accessed by multiple threads. An attacker can cause kernel information leakage by tricking a user wit...
Information disclosure
Huawei Mate 9 and Mate 9 Pro smartphones with software versions before MHA-AL00B 8.0.0.334C00 and versions before LON-AL00B 8.0.0.334C00 have an information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a malicious application and...
CVE-2017-17139
Huawei Mate 9 and Mate 9 Pro smartphones with software versions before MHA-AL00B 8.0.0.334C00 and versions before LON-AL00B 8.0.0.334C00 have an information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a malicious application and...
CVE-2018-7250
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of...
Code injection
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of...
CVE-2018-7250
CVE-2018-7250 affects secdrv.sys in Microsoft Windows Vista/7/8/8.1 (before KB3086255) and Macrovision SafeDisc. The issue is an uninitialized kernel pool allocation in IOCTL 0xCA002813 that allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. Impact is inf...
Multiple CPUs - Information Leak Using Speculative Execution
== INTRODUCTION == This is a bug report about a CPU security issue that affects processors by Intel, AMD and to some extent ARM. I have written a PoC for this issue that, when executed in userspace on an Intel Xeon CPU E5-1650 v3 machine with a modern Linux kernel, can leak around 2000 bytes per...
Huawei Mate cell phone information leakage vulnerability
The Huawei Mate 9 and Mate 9 Pro are both smartphones from the Chinese company Huawei. Huawei Mate 9 and Mate 9 Pro suffer from an information disclosure vulnerability. The vulnerability can be exploited by an attacker to obtain kernel data by tricking a user into installing a malicious...
FreeBSD : FreeBSD -- Kernel data leak via ptrace(PT_LWPINFO) (34a3f9b5-dab3-11e7-b5af-a4badb2f4699)
Not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack...
FreeBSD -- Kernel data leak via ptrace(PT_LWPINFO)
Problem Description: Not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of informatio...
FreeBSD-SA-17:08.ptrace
FreeBSD-SA-17:08.ptrace Security Advisory The FreeBSD Project Topic: Kernel data leak via ptrace(PT_LWPINFO) Category: core Module: ptrace Announced: 2017-11-15 Credits: Ilja...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2017-7441
In Sophos SurfRight HitmanPro before 3.7.20 Build 286 included in the HitmanPro.Alert solution and Sophos Clean, a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical informatio...
Design/Logic Flaw
In Sophos SurfRight HitmanPro before 3.7.20 Build 286 included in the HitmanPro.Alert solution and Sophos Clean, a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical informatio...