764 matches found
Microsoft Windows Kernel - nt!NtWaitForDebugEvent 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - nt!NtWaitForDebugEvent 64-bit Stack Memory Disclosure / We have discovered that the nt!NtWaitForDebugEvent system call discloses portions of uninitialized kernel stack memory to user-mode clients, on 64-bit versions of Windows 7 to Windows 10. The output buffer, and the...
Microsoft Windows Kernel - 'nt!RtlpCopyLegacyContextX86' Stack Memory Disclosure
/ We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a CONTEXT structure to user-mode memory. Two previous bugs in the nearby code area were reported in issues 1177 and 1311 ; in fact, the problem discussed here appears to be a variant of 1177 b...
MacOS process_policy stack leak through uninitialized field(CVE-2017-7154)
The syscall processpolicyscope=PROCPOLICYSCOPEPROCESS, action=PROCPOLICYACTIONGET, policy=PROCPOLICYRESOURCEUSAGE, policysubtype=PROCPOLICYRUSAGECPU, attrp=, targetpid=0, targetthreadid= causes 4 bytes of uninitialized kernel stack memory to be written to userspace. The call graph looks as follow...
macOS - process_policy Stack Leak Through Uninitialized Field Exploit
Exploit for macOS platform in category dos / poc / The syscall processpolicyscope=PROCPOLICYSCOPEPROCESS, action=PROCPOLICYACTIONGET, policy=PROCPOLICYRESOURCEUSAGE, policysubtype=PROCPOLICYRUSAGECPU, attrp=, targetpid=0, targetthreadid= causes 4 bytes of uninitialized kernel stack memory to be...
macOS process_policy Stack Leak
MacOS processpolicy stack leak through uninitialized field CVE-2017-7154 The syscall processpolicyscope=PROCPOLICYSCOPEPROCESS, action=PROCPOLICYACTIONGET, policy=PROCPOLICYRESOURCEUSAGE, policysubtype=PROCPOLICYRUSAGECPU, attrp=, targetpid=0, targetthreadid= causes 4 bytes of uninitialized kerne...
macOS - 'process_policy' Stack Leak Through Uninitialized Field
/ The syscall processpolicyscope=PROCPOLICYSCOPEPROCESS, action=PROCPOLICYACTIONGET, policy=PROCPOLICYRESOURCEUSAGE, policysubtype=PROCPOLICYRUSAGECPU, attrp=, targetpid=0, targetthreadid= causes 4 bytes of uninitialized kernel stack memory to be written to userspace. The call graph looks as...
Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues)' Kernel Stack Memory Disclosure
/ We have discovered that the nt!NtQueryInformationProcess system call invoked with the 76 information class discloses portions of uninitialized kernel stack memory to user-mode clients. The specific information class is handled by an internal nt!PsQueryProcessEnergyValues function. While we don'...
Microsoft Windows - nt!NtQueryInformationProcess (information class 76_ QueryProcessEnergyValues) Kernel Stack Memory Disclosure
Microsoft Windows - nt!NtQueryInformationProcess information class 76 QueryProcessEnergyValues Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryInformationProcess system call invoked with the 76 information class discloses portions of uninitialized kernel stack memory to...
Microsoft Windows - nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues) Ke
Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryInformationProcess system call invoked with the 76 information class discloses portions of uninitialized kernel stack memory to user-mode clients. The specific information class is handled by an internal...
Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation
""" Kingsoft Antivirus/Internet Security 9+ Kernel Stack Buffer Overflow Privilege Escalation Vulnerability Anti-Virus: http://www.kingsoft.co/downloads/kav/KAV100720ENUDOWN33102010.rar Internet Security: http://www.kingsoft.co/downloads/kis/kis.rar Summary: ======== This vulnerability allows loc...
Kingsoft AntivirusInternet Security 9+ - Local Privilege Escalation
Kingsoft AntivirusInternet Security 9+ - Local Privilege Escalation """ Kingsoft Antivirus/Internet Security 9+ Kernel Stack Buffer Overflow Privilege Escalation Vulnerability Anti-Virus: http://www.kingsoft.co/downloads/kav/KAV100720ENUDOWN33102010.rar Internet Security:...
Kingsoft Antivirus/Internet Security 9+ Privilege Escalation
Vulnerability Summary The following advisory describes a kernel stack buffer overflow that leads to privilege escalation found in Kingsoft Antivirus/Internet Security 9+. Kingsoft Antivirus “provides effective and efficient protection solution at no cost to users. It applies cloud security...
DEBIAN-CVE-2017-17806
The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AFALG-based hash interface CONFIGCRYPTOUSERAPIHASH and the SHA-3 hash algorithm CONFIGCRYPTOSHA3 to caus...
PT-2017-15012 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14.8 Description: The HMAC implementation in the Linux kernel does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker to cause a kernel stack buffer overflow by...
Microsoft Windows win32kfull!GreUpdateSpriteInternal Kernel Stack Memory Disclosure Exploit
On Windows 10 32-bit version 1709, a kernel stack memory disclosure was discovered in win32kfull!GreUpdateSpriteInternal. Windows Kernel stack memory disclosure in win32kfull!GreUpdateSpriteInternal On Windows 10 32-bit version 1709, we have discovered a disclosure of 4 uninitialized bytes from t...
Microsoft Windows win32kbase!NtQueryCompositionInputQueueAndTransform Kernel Stack Memory Disclosure
The win32k!NtQueryCompositionInputQueueAndTransform system call may disclose portions of uninitialized kernel stack memory to user-mode clients on Windows 10. Windows Kernel stack memory disclosure in win32kbase!NtQueryCompositionInputQueueAndTransform We have discovered that the...
FreeBSD Information Disclosure Vulnerability (CNVD-2017-37251)
FreeBSD is a set of Unix-like free operating systems in the FreeBSD project, headed by the Core Team team, and is an important branch of Unix-like systems that have evolved through BSD, 386BSD, and 4.4BSD. A security vulnerability exists in FreeBSD that stems from a program failing to properly...
BSA-2017-473
Security Advisory ID : BSA-2017-473 Component : Kernel Revision : 2.0: Final On Linux running on PowerPC hardware Power8 or later a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception interrupt, and use the r1 value from the signal frame as the...
Design/Logic Flaw
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptracelwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure...
CVE-2017-1086
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptracelwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure...