kernel: heap/stack gap jumping via unbounded stack allocations

A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...

CVE-2017-9605

The vmwgbsurfacedefineioctl function accessible via DRMIOCTLVMWGBSURFACECREATE in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.11.4 defines a backuphandle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...

CVE-2017-8468

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability...

CVE-2017-8465

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability...

CVE-2017-8472

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique fr...

CVE-2017-8470

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly...

Microsoft Windows Local Elevation of Privilege Vulnerability (CNVD-2017-12997)

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows, which arises from a failure of the Windows kernel mode driver to properly handle objects in memory. An attacker can exploit the...

CVE-2017-8239

In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory...

CVE-2017-8239

In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory...

CVE-2017-9605

The vmwgbsurfacedefineioctl function accessible via DRMIOCTLVMWGBSURFACECREATE in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.11.4 defines a backuphandle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...

Buffer overflow

The vmwgbsurfacedefineioctl function accessible via DRMIOCTLVMWGBSURFACECREATE in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.11.4 defines a backuphandle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...

CVE-2017-9605

CVE-2017-9605 affects the Linux kernel (up to and including 4.11.4) via the vmw_gb_surface_define_ioctl path (DRM_IOCTL_VMW_GB_SURFACE_CREATE) in vmwgfx_surface.c. The defect is that backup_handle is defined but not initialized, so when creating a GB surface with a previously allocated DMA buffer...

Windows GDI Information Disclosure Vulnerability

A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker...

Windows GDI Information Disclosure Vulnerability

A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker...

Windows GDI Information Disclosure Vulnerability

A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker...

Windows GDI Information Disclosure Vulnerability

A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker...

Windows GDI Information Disclosure Vulnerability

A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker...

Apple macOS/iOS User Authorization Check Competing Conditions Vulnerability

Apple macOS is an operating system that runs on Apple's Macintosh line of computers, and Apple iOS is an operating system for Apple's cell phones. A competitive condition vulnerability exists in Apple iOS, Apple macOS, which allows an attacker to exploit the vulnerability to read kernel memory...

CVE-2017-9605

The vmwgbsurfacedefineioctl function accessible via DRMIOCTLVMWGBSURFACECREATE in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.11.4 defines a backuphandle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...

Apple macOS - 'stackshot' Raw Frame Pointers(CVE-2017-2516)

This is an issue that allows unentitled root to read kernel frame pointers, which might be useful in combination with a kernel memory corruption bug. By design, the syscall stacksnapshotwithconfig permits unentitled root to dump information about all user stacks and kernel stacks. While a target...