CVE-2020-8607

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or...

Mitigations are attack surface, too

Posted by Jann Horn, Project Zero Introduction This blog post discusses a bug leading to memory corruption in Samsung's Android kernel specifically the kernel of the Galaxy A50, A505FN - I haven't looked at Samsung's kernels for other devices. I will describe the bug and how I wrote a very...