Linux - Kernel Pointer Leak via BPF

Linux - Kernel Pointer Leak via BPF / Commit 82abbf8d2fc46d79611ab58daa7c608df14bb3ee "bpf: do not allow root to mangle valid pointers", first in v4.15 included the following snippet: ========= @@ -2319,43 +2307,29 @@ static int adjustregminmaxvalsstruct bpfverifierenv env, if srcreg-type !=...

CVE-2018-17972

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...

CVE-2018-17972

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...

UBUNTU-CVE-2018-17972

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...

CVE-2018-11851

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack...

Design/Logic Flaw

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack...

CVE-2018-11851

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack...

kernel: Stack information leak in the EFS element

A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space...

Microsoft Windows - nt!NtQueryVirtualMemory (MemoryImageInformation) Kernel 64-bit Stack Memory Disc

Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryImageInformation 0x6 information class discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows...

Microsoft Windows - nt!NtQuerySystemInformation (SystemPageFileInformation(Ex)) Kernel 64-bit Stack

Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQuerySystemInformation system call invoked with the SystemPageFileInformation 0x12 and SystemPageFileInformationEx 0x90 information classes discloses uninitialized kernel stack memory to user-mode clients. The...

Microsoft Windows - nt!NtQueryVolumeInformationFile Kernel Stack Memory Disclosure Exploit

Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryVolumeInformationFile system call invoked against certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 10 32/64-bit; other versions were...

Microsoft Windows - nt!NtQueryAttributesFile Kernel Stack Memory Disclosure Exploit

Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7 to 10, 32/64-bit. The paths that...

Microsoft Windows - 'nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation)' Kernel 64-bit Stack Memory Disclosure

/ We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryBasicInformation 0x0 and MemoryPrivilegedBasicInformation 0x8 information classes discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10...

Microsoft Windows - nt!NtQueryVolumeInformationFile Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryVolumeInformationFile Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryVolumeInformationFile system call invoked against certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 1...

Microsoft Windows - 'nt!NtQueryFullAttributesFile' Kernel Stack Memory Disclosure

/ We have discovered that the nt!NtQueryFullAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7 to 10, 32/64-bit. The paths that we have observed to trigger the leak in our te...

Microsoft Windows - nt!NtQueryFullAttributesFile Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryFullAttributesFile Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryFullAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7...

Microsoft Windows - nt!NtQueryAttributesFile Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryAttributesFile Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7 to 10,...

Windows Kernel 64-bit stack memory disclosure in win32k!XDCOBJ::RestoreAttributes(CVE-2018-0811)

We have discovered that the win32k!XDCOBJ::RestoreAttributes function leaks portions of uninitialized kernel stack memory to user-mode address space on Windows 7 to 10. It was confirmed on 64-bit platforms, 32-bit builds were not tested. The overall copied memory area is 0x1a0 bytes long, 4 of...

Windows Kernel 64-bit stack memory disclosure in NtQueryInformationThread(ThreadBasicInformation)(CVE-2018-0895)

We have discovered that the nt!NtQueryInformationThread system call invoked with the 0 information class ThreadBasicInformation discloses portions of uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. The specific layout of the...

Microsoft Windows Kernel - NtQueryInformationThread(ThreadBasicInformation) 64-bit Stack Memory Disclosure

Microsoft Windows Kernel - NtQueryInformationThreadThreadBasicInformation 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQueryInformationThread system call invoked with the 0 information class ThreadBasicInformation discloses portions of uninitialized kernel stack memory to...