CVE-2021-0961

In quotaprocwrite of xtquota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

UBUNTU-CVE-2021-39648

In gadgetdevdescUDCshow of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

UBUNTU-CVE-2021-0961

In quotaprocwrite of xtquota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Exploit for Out-of-bounds Write in Google Android

inspector-gadget Go Go Gadget Exploit! ..--"...

About the security content of macOS Big Sur 11.6.2

About the security content of macOS Big Sur 11.6.2 This document describes the security content of macOS Big Sur 11.6.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

About the security content of Security Update 2021-008 Catalina

About the security content of Security Update 2021-008 Catalina This document describes the security content of Security Update 2021-008 Catalina. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has...

VulnCheck KEV: CVE-2017-15303

In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine while CPU-Z is running can issue an ioctl 0x9C402430 call to the kernel-mode driver e.g., cpuz141x64.sys for version 1.41...

The vulnerability of the Yarus C2100 payment terminal software allows a perpetrator to execute arbitrary code with root privileges of the operating system.

The vulnerability of the Yarus C2100 payment terminal software relates to the possibility of a memory overflow in the kernel’s static memory when working with smart cards. Exploiting this vulnerability can allow an attacker to execute arbitrary code with root privileges on the operating system...

Exploit for Improper Input Validation in Linux Linux_Kernel

This is a PoC exploit for CVE-2021-3490, a Linux kernel vulnerability. The exploit targets the eBPF subsystem and leverages a bug in the verifier to gain arbitrary read and write access to kernel memory. The exploit is designed to work on Ubuntu 20.04.02 and 20.10 Groovy Gorilla kernels 5.8.0-25....

USN-5161-1 linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi vulnerabilities

Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information kernel memory. CVE-2021-3655 It was discovered that the AMD...

PT-2021-7401 · Qualcomm · Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions affected versions not specified Description: The issue is related to a memory corruption in the Kernel due to a race condition while getting a mapping reference. This can occur in various Snapdragon products,...

The vulnerability of the MODAPI.sys driver software, used for optimizing performance in the MSI Dragon Center, allows a hacker to increase their privileges.

The vulnerability of the MODAPI.sys driver software used for optimizing the performance of MSI Dragon Center relates to the ability to access kernel memory. Exploiting this vulnerability can allow an attacker to enhance their privileges...

CVE-2020-12894

Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service...

Denial of service

Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service...

CVE-2020-12894

Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service...

GSD-2021-1002157 mlxsw: thermal: Fix out-of-bounds memory accesses

mlxsw: thermal: Fix out-of-bounds memory accesses This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15 by commit...

kernel: net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()

An uninitialized memory access flaw was found in the Linux kernel's QRTR Qualcomm IPC Router protocol in the transmit resume handling. When processing RESUMETX messages, if the packet size is smaller than the expected control structure, the qrtrtxresume function reads uninitialized memory from th...

kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory

A vulnerability was discovered in retrieveptrlimit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads Spectre mitigation. In this flaw a local, special user privileged CAPSYSADMIN BPF program running on affected systems may bypass the protection,...

kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory

A flaw was found in the Linux kernel's eBPF verification code. By default, accessing the eBPF verifier is only accessible to privileged users with CAPSYSADMIN. This flaw allows a local user who can insert eBPF instructions, to use the eBPF verifier to abuse a spectre-like flaw and infer all syste...

kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory

A vulnerability was discovered in retrieveptrlimit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads Spectre mitigation. In this flaw a local, special user privileged CAPSYSADMIN BPF program running on affected systems may bypass the protection,...