56 matches found
CVE-2024-4763
An insecure driver vulnerability was reported in Lenovo Display Control Center LDCC and Lenovo Accessories and Display Manager LADM that could allow a local attacker to escalate privileges to kernel...
CVE-2023-35633
Windows Kernel Elevation of Privilege Vulnerability...
PT-2023-8469 · Imagination Technologies · Powervr Gpu Driver
Name of the Vulnerable Software and Affected Versions: PowerVR GPU driver affected versions not specified Description: The issue is related to a use after free in the RGXUnbackingZSBuffer function of the PowerVR GPU driver, which could lead to arbitrary code execution. This might result in local...
PT-2023-8472 · Imagination Technologies · Powervr Gpu Driver
Name of the Vulnerable Software and Affected Versions: devicemem server.c affected versions not specified Description: The issue is related to a use after free in the DevmemIntMapPMR function of devicemem server.c, which could lead to arbitrary code execution. This might result in local escalatio...
PT-2023-8468 · Unknown · Powervr Gpu Driver
Name of the Vulnerable Software and Affected Versions: PowerVR GPU driver versions affected versions not specified Description: The issue is related to a buffer overflow in the PowerVR GPU driver, specifically in the PMR ReadBytes function for Android and ChromeOS, and an out of bounds write in t...
PT-2023-8464 · Imagination Technologies · Powervr Gpu Driver
Name of the Vulnerable Software and Affected Versions: PowerVR GPU driver versions affected versions not specified Description: The issue is related to a race condition in the DevmemIntAcquireRemoteCtx function of the PowerVR GPU driver, which can lead to arbitrary code execution and local...
CVE-2023-33952
A double-free vulnerability was found in handling vmwbufferobject objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to...
SUSE CVE-2019-2215
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network...
CVE-2022-46701
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges...
CVE-2022-32947
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges...
CVE-2022-20397
In SitRilClientOnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
PT-2022-21504 · Apple · Macos Monterey +3
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.6 iPadOS versions prior to 15.6 macOS Monterey versions prior to 12.5 Description: The issue allows an app to potentially execute arbitrary code with kernel privileges due to insufficient checks. This could lead to...
kernel: buffer overflow in IPsec ESP transformation code
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...
PUB-A-222091980
In rcucblistdequeue of rcusegcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-20118
In ionioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid...
Out-of-bounds
In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
Google Android fts_driver_test_write Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
DEBIAN-CVE-2020-0404
In uvcscanchainforward of uvcdriver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2020-17402
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 47270. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
PlayStation: SOCK_RAW sockets reachable from Webkit process allows triggering double free in IP6_EXTHDR_CHECK
Summary Memory corruption can be achieved by sending fragmented IPv6 packets to loopback interface due to poor and inconsistent use of IP6EXTHDRCHECK. The macro IP6EXTHDRCHECK can free the mbuf if the packet is sent to loopback interface. This fact is not considered in dest6input, frag6input and...