6608 matches found
CVE-2017-7541
Kernel memory corruption due to a buffer overflow was found in the brcmf_cfg80211_mgmt_tx function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace...
DEBIAN-CVE-2017-11472
The acpi_ns_terminate function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism in the kernel throug...
CVE-2017-11472
The acpi_ns_terminate function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism in the kernel throug...
CVE-2017-11472
CVE-2017-11472 affects the Linux kernel via the acpi_ns_terminate() path in drivers/acpi/acpica/nsutils.c. The flaw does not flush the operand cache, enabling a local user to dump kernel memory and bypass KASLR by crafting an ACPI table, with impact described for kernels before 4.12 (and through ...
Juniper Networks Junos OS DoS Vulnerability
Junos OS is prone to a denial of service vulnerability in sendmsg. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"...
CVE-2017-10911
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structure...
ALPINE-CVE-2017-10911
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structure...
Invincea-X SboxDrv.sys Version Number Query Local Privilege Escalation Vulnerability
Summary An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a specia...
Linux Kernel 'saa7164-bus.c' Local Elevation of Privilege Vulnerability
Linux is a free-to-use and freely distributed Unix-like operating system, a multi-user, multi-tasking, multi-threaded and multi-CPU supported operating system based on POSIX and UNIX. A local elevation of privilege vulnerability exists in Linux Kernel 'saa7164-bus.c'. A local attacker can exploit...
kernel: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
Microsoft Windows - win32k!NtGdiGetTextMetricsW Kernel Stack Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1180 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 (other systems untested) through the...
Windows Kernel ATMFD.DLL out-of-bounds read due to malformed Name INDEX in the CFF table(CVE-2017-8483)
We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see below: --- DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6) N bytes of memory was allocated and more than N bytes are being referenced. This cannot be protected by try-except. When...
Microsoft Windows Kernel - 'ATMFD.DLL' Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1213 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see below: --- DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6) N bytes of memory was allocated and more than N byt...
Microsoft Windows - win32k!NtGdiGetOutlineTextMetricsInternalW Kernel Stack Memory Disclosure
Microsoft Windows - win32k!NtGdiGetOutlineTextMetricsInternalW Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1179 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in...
Microsoft Windows - nt!NtQueryInformationTransaction (information class 1) Kernel Stack Memory Disclosure
Microsoft Windows - nt!NtQueryInformationTransaction information class 1 Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1196 We have discovered that the nt!NtQueryInformationTransaction system call called with the 1 information class discloses...
Microsoft Windows - nt!KiDispatchException Kernel Stack Memory Disclosure in Exception Handling
Microsoft Windows - nt!KiDispatchException Kernel Stack Memory Disclosure in Exception Handling / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1177 According to our tests, the generic exception dispatching code present in the Windows kernel (Windows 7-10) discloses portions of...
Microsoft Windows - win32k!NtGdiGetOutlineTextMetricsInternalW Kernel Pool Memory Disclosure
Microsoft Windows - win32k!NtGdiGetOutlineTextMetricsInternalW Kernel Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1144 The win32k!NtGdiGetOutlineTextMetricsInternalW system call corresponds to the documented GetOutlineTextMetrics API function [1], and ...
CVE-2017-9605
The vmw_gb_surface_define_ioctl function accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...