Linux Kernel Remote Code Execution Vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A remote code execution vulnerability exists in the Linux Kernel, which can be exploited by an attacker to execute arbitrary code in the context of an application or corrupt...
CVE-2016-7391
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x100010b where a missing array bounds check can allow a user to write to kernel...
CVE-2016-7386
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space...
CVE-2016-7383
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in a memory mapping API in the kernel mode layer nvlddmkm.sys handler, leading to denial of service or potential escalation of privileges...
CVE-2016-7386
CVE-2016-7386 affects NVIDIA Windows GPU Display Driver (nvlddmkm.sys) in the kernel mode layer. The vulnerability in the DxgDdiEscape handler (ID 0x70000D4) can leak kernel memory to user space via an uninitialized buffer. Affected products include NVIDIA Quadro, NVS, and GeForce on Windows; vul...
kernel: Kernel memory leakage to ethernet frames due to buffer overflow in ethernet drivers
It was discovered that the atl2_probe function in the Atheros L2 Ethernet driver in the Linux kernel incorrectly enabled scatter/gather I/O. A remote attacker could use this flaw to obtain potentially sensitive information from the kernel memory...
kernel: HID: core: prevent out-of-bound readings
The hid_input_field function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device...
NVIDIA Windows GPU Display Driver Local Information Disclosure Vulnerability
NVIDIA Windows GPU Display Driver is a set of graphics processor (GPU) graphics card drivers for Windows from NVIDIA. A local information disclosure vulnerability exists in NVIDIA Windows GPU Display Driver, which can be exploited by a local attacker to disclose kernel memory into user space with t...
NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D Exploit
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=911 The DxgkDdiEscape handler for 0x600000D passes an unchecked user provided pointer as the destination for a memcpy call. This leads to kernel memory corruption. Win 10 x64 372.5...
NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D
NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=911 The DxgkDdiEscape handler for 0x600000D passes an unchecked user provided pointer as the destination for a memcpy call. This leads to kernel memory...
NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=911 The DxgkDdiEscape handler for 0x600000D passes an unchecked user provided pointer as the destination for a memcpy call. This leads to kernel memory corruption. Win 10 x64 372.54 crashing context with PoC: SYSTEM_SERVICE_EXCEPTION...
Apple OS X/iOS Kernel - IOSurface Use-After-Free
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=831 IOSurfaceRootUserClient stores a task struct pointer passed in via IOServiceOpen in the field at +0xf0 without taking a reference. By killing the corresponding task we can free this pointer leaving the user client with a dangli...
VMware Tools 9.x / 10.x < 10.1.0 Kernel Memory Address Disclosure (VMSA-2016-0017) (Mac OS X)
The version of VMware Tools installed on the remote macOS or Mac OS X host is 9.x or 10.x prior to 10.1.0. It is, therefore, affected by an information disclosure vulnerability in the System Integrity Protection (SIP) feature. A local attacker can exploit this issue to obtain kernel memory addresse...
kernel: mm: privilege escalation via MAP_PRIVATE COW breakage
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on...
Kernel Component Information Disclosure Vulnerability in Apple iOS/tvOS/WatchOS
Apple iOS, tvOS, and watchOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; and watchOS is a smart watch operating system. kernel is one of the kernel components. An information disclosure vulnerability exists in the...
CVE-2015-3288
mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3099-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3099-1 advisory. Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote...
CVE-2015-8950
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call...