2854 matches found
CVE-2021-28715
CVE-2021-28715 concerns the Linux kernel netback driver in Xen guests. The Xen netback path buffers incoming guest data until the guest processes it, and although there are safeguards to limit buffering, an attacker running in a guest can bypass them. Specifically, when using UDP on a fast interf...
CVE-2021-28715
Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...
CVE-2021-28714
Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...
OpenBSD 信息泄露漏洞
OpenBSD is a cross-platform, BSD-based UNIX-like operating system from the Canadian OpenBSD project team. OpenBSD suffers from an information disclosure vulnerability that stems from an error in the implementation of multicast routing in the OpenBSD kernel. A local user can run a specially crafte...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Sophos Hitmanpro
引用 这篇文章的目的是介绍一种基于内核态内存的越界写入通用利用技术和相关工具复现. toc 简介 笔者的在原作者池风水利用工具以下简称工具基础上进行二次开发,新增了全自动获取内核调试模块符号的偏移量及配置参数和不同漏洞利用方式优化等功能, 解决了不同Windows版本适配问题,工具包括适配驱动和利用程序两部分组成,实现了在Windows 10 19H1之后任意版本包括满补丁系统上的稳定利用. 自Windows 10 19H1开始,用户层段堆(Segment Heap)结构后端逻辑被用于内核层,主要分为低碎片化堆Low-fragmentation Heap与VS堆Variable Size...
PT-2021-8042 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17-rc1 Description: The issue is related to an information leak flaw in the Linux kernel's TIPC protocol subsystem. This flaw occurs due to uninitialized memory when a user sends a TIPC datagram to one or more...
Privilege Escalation
linux-azure:hirsute is vulnerable to privilege escalation. aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c allows an attacker to access the Aspeed LPC control interface and to overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a...
Linux kernel 安全漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. kernel is one of the kernel-based virtual machines. a security vulnerability exists in Linux kernel, which stems from the fact that guest users can force the Linux netback driver to consume large amounts...
Information disclosure
In quotaprocwrite of xtquota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
The vulnerability of the Yarus C2100 payment terminal software allows a perpetrator to execute arbitrary code with root privileges of the operating system.
The vulnerability of the Yarus C2100 payment terminal software relates to the possibility of a memory overflow in the kernel’s static memory when working with smart cards. Exploiting this vulnerability can allow an attacker to execute arbitrary code with root privileges on the operating system...
CVE-2020-12894
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service...
Denial of service
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service...
CVE-2020-12894
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service...
kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
A flaw was found in the Linux kernel's eBPF verification code. By default, accessing the eBPF verifier is only accessible to privileged users with CAPSYSADMIN. This flaw allows a local user who can insert eBPF instructions, to use the eBPF verifier to abuse a spectre-like flaw and infer all syste...
USN-5130-1: Linux kernel vulnerabilities
Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-29661 Jann Horn...
AMD Graphics Driver for Windows 10
Bulletin ID: AMD-SB-1000 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary In a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege...
CVE-2021-30845
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory...
CVE-2021-30845
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory...
Cross site scripting
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory...
CVE-2021-30845
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory...