63 matches found
kernel: BPF: Fix potential bad pointer dereference in bpf_sys_bpf()
In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpfsysbpf The bpfsysbpf helper function allows an eBPF program to load another eBPF program from within the kernel. In this case the argument union bpfattr pointer as well as the insn...
PT-2022-26447 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.1.2 and prior OpenHarmony versions 3.0.6 and prior Description: The issue is related to a Kernel memory pool override vulnerability in the /dev/mmz userdev device driver. The impact depends on the privileges of the...
Trend Micro Antivirus for Mac Information Disclosure Vulnerability
Trend Micro Antivirus for Mac is a set of antivirus software based on Mac platform from Trend Micro. A security vulnerability exists in Trend Micro Antivirus for Mac 2020 Consumer that stems from an error message information disclosure vulnerability, which can be exploited by an attacker to cause...
CVE-2020-27015
Trend Micro Antivirus for Mac 2020 Consumer contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order...
Information disclosure
Trend Micro Antivirus for Mac 2020 Consumer contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order...
CVE-2020-27015
Trend Micro Antivirus for Mac 2020 Consumer contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order...
Unspecified vulnerability in USB gadget driver for Samsung mobile devices
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A security vulnerability in the USB gadget driver for Samsung mobile devices caused an attacker to leak kernel pointers...
CVE-2019-20172
Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack...
Linux kernel pointer dereference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the expanddownwards of the mm/mmap.c file in versions of Linux kernel prior to 4.20.14. An attacker can exploit this vulnerability t...
PT-2018-3026 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.15.8 Description: The issue is related to the fd locked ioctl function in the Linux kernel, specifically in the floppy driver. It allows an attacker to obtain a kernel pointer by sending the FDGETPRM ioctl,...
MacOS getrusage stack leak through struct padding(CVE-2017-13869)
For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64rusage using mungeuser64rusage, then copies the struct user64rusage to userspace: int getrusagestruct proc p, struct getrusageargs uap, unused int32t retval struct rusage rup, rubuf; struct user64rusage...
macOS getrusage Stack Leak Exploit
Exploit for macOS platform in category dos / poc MacOS getrusage stack leak through struct padding CVE-2017-13869 For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64rusage using mungeuser64rusage, then copies the struct user64rusage to userspace: int...
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proclistuptrs has the following comment in it's userspace header: / Enumerate potential...
Apple macOS - 'getrusage' Stack Leak Through struct Padding
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1405 For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64rusage using mungeuser64rusage, then copies the struct user64rusage to userspace: int getrusagestruct proc p, struct getrusagearg...
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proclistuptrs has the following comment in it's userspace header: / Enumerate potential userspace pointers embedded in kernel data structures. Currently inspects kqueues only. NOTE: returned "pointers"...
Apple macOS - getrusage Stack Leak Through struct Padding
Apple macOS - getrusage Stack Leak Through struct Padding / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1405 For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64rusage using mungeuser64rusage, then copies the struct user64rusage to...
Design/Logic Flaw
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application...
CVE-2014-4379
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application...
APPLE-SA-2014-04-22-3 Apple TV 6.1.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Descriptio...
(Pwn2Own\Pwn4Fun) Apple OS X IOKit Kernel Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IOKit. The...