The vulnerability of the IOCTL processor 0x8200E804 of the hardware security keys of the WibuKey software allows a perpetrator to cause kernel memory corruption.

The vulnerability of the WibuKey hardware security keys’ software lies in the IOCTL device driver 0x8200E804 WibuKey.sys, which is related to buffer overflow attacks. Exploiting this vulnerability can lead to damage to the kernel memory and may also result in an increase in privileges, through th...

MGASA-2019-0068 Updated opencontainers-runc packages fix security vulnerability

Not using pivotroot2 leaves the host /proc around in the mount namespace so that it is possible to mount another /proc without any other submount, even if /proc in the container is not fully visible. This flaw allows an attacker to read and modify some parts of the Linux kernel memory rhbz1663068...

CVE-2018-11847

Malicious TA can tag QSEE kernel memory and map to EL0, there by corrupting the physical memory as well it can be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon...

SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)

The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-9516: In hiddebugeventsread of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead...

Apple iOS, macOS and tvOS Kernel Memory Corruption Vulnerability

Apple iOS is an operating system developed for mobile devices; macOS Sierra, macOS High Sierra, and macOS Mojave are different versions of a specialized operating system developed for Mac computers; tvOS is a smart TV operating system. Kernel is one of the kernel components. A security...

Apple iOS, tvOS and macOS Kernel Memory Initialization Vulnerability

Apple iOS is an operating system developed for mobile devices; macOS Sierra, macOS High Sierra, and macOS Mojave are different versions of a specialized operating system developed for Mac computers; tvOS is a smart TV operating system. Kernel is one of the kernel components. A security...

Pointer dereference in subsystem in Intel(R) Graphics Driver allows unprivileged user to elevate privileges via local access

Summary: The Intel® Graphics Drivers for Windows Code can fail to adequately validate a pointer input. This may lead to modification of kernel memory and a potential for an escalation of privilege. Reference CVE-2017-5727. Description: The Intel® Graphics Drivers for Windows Code can fail to...

voucher_swap: Exploiting MIG reference counting in iOS 12

Posted by Brandon Azad, Project Zero In this post I'll describe how I discovered and exploited CVE-2019-6225, a MIG reference counting vulnerability in XNU's taskswapmachvoucher function. We'll see how to exploit this bug on iOS 12.1.2 to build a fake kernel task port, giving us the ability to re...

WIBU-SYSTEMS WibuKey.sys 0x8200E804 kernel memory information disclosure vulnerability

Summary An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 Build 2400. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An...

Information Disclosure

Linux kernel-rt is vulnerable to information disclosure. A NULL pointer dereference in the sndctlelemusertlv function in sound/core/control.c allows a local privileged user to exploit the vulnerability to leak kernel memory to user space...

The vulnerability of the Windows operating system’s kernel allows a hacker to execute arbitrary code with elevated privileges.

The vulnerability of the Windows operating system’s kernel arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a local attacker to execute arbitrary code with elevated privileges through a specially created application...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2223-1)

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-5390 aka SegmentSmack: A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during I...

Ubuntu: Security Advisory (USN-3849-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3848-1: Linux kernel vulnerabilities

It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-18174 It was discovered that an integer overrun vulnerability existed in the POSIX timers...

USN-3847-3: Linux kernel (Azure) vulnerabilities

USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leadi...

USN-3846-1: Linux kernel vulnerability

It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information kernel memory...

Vulnerability Spotlight : Multiple Vulnerabilities in WIBU-SYSTEMS WibuKey.sys

These vulnerabilities were discovered by Marcin 'Icewall' Noga of Cisco Talos. Executive Summary WibuKey is a Digital Rights Management DRM solution that has been used in a large number of solutions such as Straton, Archicad, GRAPHISOFT, V-Ray and others. It has been leveraged by over 3,000...

Amazon Linux 2 : kernel (ALAS-2018-1133)

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation removal. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.CVE-2018-16862 An issue wa...

Medium: kernel

Issue Overview: A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation removal. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new...

Apple iOS, tvOS and macOS Mojave Kernel Type Obfuscation Vulnerability

Apple iOS, tvOS, and macOS Mojave are products of Apple Inc. Apple iOS is an operating system for mobile devices; tvOS is an operating system for smart TVs; and macOS Mojave is a specialized operating system for Mac computers. kernel is a component of the Kernel is one of the kernel components. A...