Kernel: hw: cpu: L1 terminal fault (L1TF)

Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...

Kernel: hw: cpu: L1 terminal fault (L1TF)

Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...

Apple iOS, tvOS and watchOS Kernel Local Information Disclosure Vulnerability

Apple iOS, tvOS, and watchOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; and watchOS is a smart watch operating system. kernel is one of the kernel components. A security vulnerability exists in the Kernel componen...

Immunity Canvas: SHOW_TIMER_LEAK

Name| showtimerleak ---|--- CVE| CVE-2017-18344 Exploit Pack| CANVAS Description| showtimerleak Notes| CVE Name: CVE-2017-18344 NOTES: This module gives an unpriviledged user the ability to dump a file from the kernel memory. A common scenario is to dump the /etc/shadow or kerberos tickets. Note:...

Design/Logic Flaw

The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function called when /proc/$PID/timers is read. This allows userspace applications ...

CVE-2017-18344

The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function called when /proc/$PID/timers is read. This allows userspace applications ...

CVE-2017-18344

CVE-2017-18344 affects the Linux kernel before 4.14.8. The timer_create syscall in kernel/time/posix-timers.c fails to validate sigevent->sigev_notify, causing out-of-bounds access in show_timer when /proc/$PID/timers is read and enabling a local user to read arbitrary kernel memory on builds ...

UBUNTU-CVE-2017-18344

The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function called when /proc/$PID/timers is read. This allows userspace applications ...

Ubuntu 18.04 LTS : Linux kernel regression (USN-3718-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3718-1 advisory. USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient ear...

The vulnerability of the Bluetooth component of the Mac OS X operating system allows a hacker to disclose sensitive information about the kernel’s memory allocation scheme.

The vulnerability of the Bluetooth component in the Mac OS X operating system is related to the incorrect implementation of security mechanisms. Exploiting this vulnerability can allow an attacker to disclose sensitive information about the kernel’s memory allocation scheme through a specially...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2018-4172)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4172 advisory. - KVM: Fix stack-out-of-bounds read in writemmio Wanpeng Li Orabug: 27951293 CVE-2017-17741 CVE-2017-17741 - kernel/exit.c: avoid undefined behavio...

Apple macOS/OS X Sensitive Information Disclosure Vulnerability

macOS is Apple's proprietary operating system for the Mac line of products. An Apple macOS/OS X sensitive information disclosure vulnerability exists due to an out-of-bounds memory read error triggered in the IOGraphics component, which can be exploited by an attacker to gain access to the conten...

Google Android has an unspecified vulnerability (CNVD-2019-44517)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A security vulnerability exists in Android that stems from the program not properly validating pointers in the ADSPRPC command. An attacker can exploit the vulnerability to access...

About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan

About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan This document describes the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan. About Apple security updat...

About the security content of watchOS 4.3.2

About the security content of watchOS 4.3.2 This document describes the security content of watchOS 4.3.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

CVE-2018-5886

CVE-2018-5886 describes a vulnerability where a pointer in an ADSPRPC command is not properly validated in CAF Android builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The root cause is improper validation of a pointer in the ADSPRPC path, which can allow access t...

Ubuntu: Security Advisory (USN-3697-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3695-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

IBM AIX rmsock SetUID Binary Information Leak

Summary An exploitable kernel memory leak vulnerability is exposed by the rmsock setUID functionality of IBM AIX 6.1 and IBM AIX 7.1. A specially crafted command line can cause a kernel memory leak, resulting in uninitialized kernel memory being exposed. An attacker can execute rmuser with an...

Security Bulletin: Vulnerability in rmsock affects AIX (CVE-2018-1655)

Summary There is a vulnerability in the rmsock command that affects AIX. Vulnerability Details CVEID: CVE-2018-1655 DESCRIPTION: IBM AIX contains a vulnerability in the rmsock command that may be used to expose kernel memory. CVSS Base Score: 4 CVSS Temporal Score: See...