PT-2023-5023 · Amd · Amd Uprof

Name of the Vulnerable Software and Affected Versions: AMD uProf affected versions not specified Description: Insufficient validation in the IOCTL input buffer in AMD uProf may allow an authenticated user to load an unsigned driver, potentially leading to arbitrary kernel execution. The issue can...

AMD μProf Security Vulnerability

AMD μProf is a software analysis tool from Ultra Micro Semiconductor AMD. AMD μProf suffers from a security vulnerability that stems from insufficient validation of the IOCTL input buffer, which allows an attacker to load an unsigned driver, leading to arbitrary kernel execution...

AMD Ryzen™ Master Security Bulletin

Bulletin ID: AMD-SB-7004 Potential Impact: Varies by CVE, see descriptions below Severity: V aries by CVE, see descriptions below Summary AMD Ryzen™ Master is a software tool that provides users access to advanced settings, such as clock and voltage settings, to control system performance in...

AMD μProf Security Bulletin

Bulletin ID: AMD-SB-7003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD μProf “MICRO-prof” is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event...

PT-2023-23641 · Tesla · Tesla Model 3

Name of the Vulnerable Software and Affected Versions: Tesla Model 3 affected versions not specified Description: This issue allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi subsystem in order t...

AZL-27402 CVE-2023-32254 affecting package kernel for versions less than 5.15.118.1-1

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2TREEDISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...

Out-of-bounds

A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver...

Input validation

A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver...

CVE-2023-2570

CVE-2023-2570 involves an Improper Validation of Array Index in the Foxboro.sys driver IOCTL handling, leading to local denial-of-service and potential kernel execution. Root cause: incorrect validation of an array index. Affected product context appears to be Schneider Electric EcoStruxure Foxbo...

CVE-2023-2570

A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver...

CVE-2023-2569

CVE-2023-2569 affects Schneider Electric EcoStruxure Foxboro DCS components, with the Foxboro.sys driver exposing an Out-of-Bounds Write via an IOCTL call. The concrete root cause described across sources is a boundary/array bound error while handling untrusted input, enabling a local attacker wi...

CVE-2023-2569

A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver...

PT-2023-3076 · Unknown · Foxboro.Sys

Name of the Vulnerable Software and Affected Versions: Foxboro.sys driver affected versions not specified Description: A CWE-787: Out-of-Bounds Write issue exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local...

PT-2023-3636 · Apple · Macos Ventura +5

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.5 iPadOS versions prior to 16.5 watchOS versions prior to 9.5 tvOS versions prior to 16.5 macOS Ventura versions prior to 13.4 Description: A type confusion issue was addressed with improved checks, which may allow an...

SUSE CVE-2021-38300

arch/mips/net/bpfjit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architectur...

EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2023-1223)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to...

CVE-2022-2484

The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2932)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-20569

In thermalcoolingdevicestatsupdate of thermalsysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product:...

PT-2022-26620 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: Apple macOS versions prior to 11.7.2 Apple macOS versions prior to 12.6.2 Apple macOS versions prior to 13.1 Apple iOS versions prior to 16.2 Apple iPadOS versions prior to 16.2 Apple tvOS versions prior to 16.2 Apple watchOS versions prior t...