6611 matches found

canvas
added 2018/01/04 1:29 p.m., 2176 views

Immunity Canvas: SPECTRE_FILE_LEAK

Name | spectrefileleak
---|---
CVE | CVE-2017-5753
Exploit Pack | CANVAS
Description | Spectre File Leak
Notes | CVE Name: CVE-2017-5753 Notes: This module gives an unprivileged user the ability to dump a file from the kernel memory. A common scenario is to dump the /etc/shadow or kerberos tickets...

CVSS 4.7, AI score 6.2, EPSS 0.93838
Exploits: 9

RedHat Linux
added 2018/01/04 1:6 p.m., 3 views

hw: cpu: speculative execution permission faults handling

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

CVSS 5.6, AI score 6.8, EPSS 0.84172
Exploits: 3, References: 8

RedHat Linux
added 2018/01/04 5:49 a.m., 3 views

hw: cpu: speculative execution permission faults handling

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

CVSS 5.6, AI score 6.8, EPSS 0.84172
Exploits: 3, References: 8

RedHat Linux
added 2018/01/04 5:49 a.m., 4 views

hw: cpu: speculative execution permission faults handling

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

CVSS 5.6, AI score 6.8, EPSS 0.84172
Exploits: 3, References: 8

CNVD
added 2018/01/04 12:0 a.m., 1 views

Meltdown Vulnerability in CPU Processor Cores

CPU hardware is a set of firmware that runs in the CPU (Central Processing Unit) to manage and control the CPU. A Meltdown vulnerability exists in the CPU processor kernel that "melts" the security boundaries implemented by the hardware, allowing low-privileged user-level applications to "cross the...

CVSS 5.6, AI score 7.7, EPSS 0.74041
Exploits: 8, References: 1

CERT
added 2018/01/04 12:0 a.m., 1195 views

CPU hardware vulnerable to side-channel attacks

Overview: CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre. Description: CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Both Spectre and Meltdown take...

CVSS 5.6, AI score 6.6, EPSS 0.93838
Exploits: 12, References: 26

RedHat Linux
added 2018/01/03 11:16 p.m., 3 views

hw: cpu: speculative execution permission faults handling

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

CVSS 5.6, AI score 6.8, EPSS 0.84172
Exploits: 3, References: 8

Microsoft KB
added 2018/01/03 8:0 a.m., 39 views

Description of the security update for the Windows GDI information disclosure vulnerability in Windows Server 2008: January 3, 2018

Summary: A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfull...

CVSS 5.5, AI score 6, EPSS 0.01704
Exploits: 0

Positive Technologies
added 2017/12/21 12:0 a.m., 10 views

PT-2018-6841 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14.8. Description: The issue arises from improper validation of the sigevent->sigev_notify field in the timer_create syscall implementation. This leads to out-of-bounds access when the show_timer function is...

CVSS 8.4, AI score 7.6, EPSS 0.93838
Exploits: 83, References: 768

RedhatCVE
added 2017/12/18 3:20 p.m., 46 views

CVE-2017-17741

Linux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memory bytes...

CVSS 6.5, AI score 2.2, EPSS 0.00451
Exploits: 0, References: 1

CNVD
added 2017/12/18 12:0 a.m., 1 views

Huawei Enjoy phone has information leakage vulnerability

Huawei Enjoy 5S and Enjoy 5 are both smartphones from the Chinese company Huawei. The Huawei Enjoy phone suffers from an information leakage vulnerability, which is due to the lack of effective checking of parameters on the device. An attacker induces the user to install a malicious application tha...

CVSS 5.5, AI score 6.3, EPSS 0.00658
Exploits: 0, References: 1

seebug.org
added 2017/12/15 12:0 a.m., 91 views

MacOS so_pcb type confusion in necp_get_socket_attributes(CVE-2017-13855)

When getsockopt (edited; original report said "setsockopt") is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked. necp_get_socket_attributes unconditionally calls sotoinpcb(so): errno_t necp_get_socket_attributes(struct socket *so, struct sockopt *sopt) i...

AI score 6.6, EPSS 0.04778
Exploits: 3

Huawei
added 2017/12/13 12:0 a.m., 22 views

Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones

Some Huawei smartphones have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some sensitive information in kernel memory, which may cause sensitive...

CVSS 5.5, AI score 5, EPSS 0.00658
Exploits: 0, Affected Software: 2

0day.today
added 2017/12/12 12:0 a.m., 62 views

macOS necp_get_socket_attributes so_pcb Type Confusion Exploit

Exploit for macOS platform in category dos / poc. MacOS so_pcb type confusion in necp_get_socket_attributes (CVE-2017-13855). When setsockopt is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked. necp_get_socket_attributes unconditionally calls...

CVSS 4.3, AI score 6.8, EPSS 0.04778
Exploits: 3

Packet Storm
added 2017/12/12 12:0 a.m., 57 views

macOS necp_get_socket_attributes so_pcb Type Confusion

MacOS so_pcb type confusion in necp_get_socket_attributes (CVE-2017-13855). When setsockopt is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked. necp_get_socket_attributes unconditionally calls sotoinpcb(so): errno_t necp_get_socket_attributes(struct socke...

AI score 6.6, EPSS 0.04778
Exploits: 3

exploitpack
added 2017/12/11 12:0 a.m., 27 views

Apple macOS - necp_get_socket_attributes so_pcb Type Confusion

Apple macOS - necp_get_socket_attributes so_pcb Type Confusion / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1392&desc=2 When getsockopt (edited; original report said "setsockopt") is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes i...

AI score 7.3
Exploits: 0

exploitpack
added 2017/12/11 12:0 a.m., 28 views

Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation

Linux Kernel 4.13 Debian 9 - Local Privilege Escalation / disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and calculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define...

AI score 1
Exploits: 0

Exploit DB
added 2017/12/11 12:0 a.m., 51 views

Apple macOS - 'necp_get_socket_attributes' so_pcb Type Confusion

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1392&desc=2 When getsockopt (edited; original report said "setsockopt") is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked. necp_get_socket_attributes unconditionally calls...

AI score 7
Exploits: 0

OSV
added 2017/12/08 4:29 p.m., 3 views

CVE-2017-12823

Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation...

CVSS 7.8, AI score 5.8, EPSS 0.00309
Exploits: 0, References: 2

CNVD
added 2017/12/07 12:0 a.m., 1 views

Kernel Memory Corruption Vulnerability in Multiple Apple Products (CNVD-2018-00180)

Apple iOS, macOS High Sierra, tvOS, and watchOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. macOS High Sierra is a specialized operating system developed for Mac computers. tvOS is a smart TV operating system. watchOS is a smart watch operating system...

CVSS 9.3, AI score 7.3, EPSS 0.05109
Exploits: 2, References: 1