CVE-2018-3970
An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to...
CVE-2018-3970
Sophos HitmanPro.Alert 3.7.6.744 contains an exploitable memory-disclosure vulnerability in the hmpalert IOCTL handler (0x222000). A crafted IRP/IOCTL request can leak kernel memory to user mode, as confirmed by TALOS-2018-0635 and related OpenVAS/PT-2018-16350 analyses. The issue affects the IOC...
Vulnerability Spotlight: TALOS-2018-0635/0636 - Sophos HitmanPro.Alert memory disclosure and code execution vulnerabilities
Marcin Noga of Cisco Talos discovered this vulnerability. Overview: Cisco Talos is disclosing two vulnerabilities in Sophos HitmanPro.Alert, a malware detection and protection tool. Both vulnerabilities lie in the input/output control (IOCTL) message handler. One could allow an attacker to read kern...
USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband...
USN-3797-1: Linux kernel vulnerabilities
Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kerne...
Apple iOS / macOS - Kernel Memory Corruption due to Integer Overflow Exploit
Exploit for multiple platform in category dos / poc...
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
IOHIDResourceQueue inherits from IOSharedDataQueue and adds its own ::enqueueReport method, which seems to be mostly copy-pasted from IOSharedDataQueue and IODataQueue's ::enqueue methods. I reported a bunch of integer overflows in IODataQueue over four years ago (CVE-2014-4389, apple issue...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4242)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4242 advisory. - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664499] {CVE-2018-16658} - ACPICA: acpi: acpica: fix acpi operand cache lea...
Linux kernel information disclosure vulnerability (CNVD-2018-20690)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the callers of the 'show_opcodes' function in the Linux kernel, which stems from a lack of address detection in the...
Immunity Canvas: DMESG_LEAK
Name | dmesg_leak
---|---
CVE | CVE-2018-14656
Exploit Pack | CANVAS
Description | dmesg_leak
Notes | CVE Name: CVE-2018-14656 NOTES: This module gives an unprivileged user the ability to dump a file from the kernel memory. A common scenario is to dump the /etc/shadow or kerberos tickets. Note: This on...
Design/Logic Flaw
A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log...
DEBIAN-CVE-2018-14656
A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log...
CVE-2018-14656
A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log...
CVE-2018-17155
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. Th...
CVE-2017-18302
In Snapdragon (Automobile, Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE...
Memory corruption
In Snapdragon (Automobile, Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE...
UBUNTU-CVE-2018-3574
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which...
EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1256)
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: - A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to...