Microsoft Windows - nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation) Kernel Stack

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1214&desc=2 We have discovered that the nt!NtQueryInformationWorkerFactory system call called with the WorkerFactoryBasicInformation 7 information class discloses portions of...

Microsoft Windows - nt!NtQueryInformationJobObject (information class 12) Kernel Stack Memory Disclo

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1193 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the 12 information...

Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure Exploit

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call accessible...

Microsoft Windows - nt!NtQueryInformationJobObject (BasicLimitInformation, ExtendedLimitInformation)

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1189&desc=2 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the...

Microsoft Windows - nt!NtQueryInformationResourceManager (information class 0) Kernel Stack Memory D

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1207 We have discovered that the nt!NtQueryInformationResourceManager system call called with the 0 information class discloses portions of uninitialized kernel stack memory to...

Windows Kernel stack memory disclosure in nt!NtQueryInformationTransaction(CVE-2017-8480)

We have discovered that the nt!NtQueryInformationTransaction system call called with the 1 information class discloses portions of uninitialized kernel stack memory to user-mode clients, on Windows 7 to Windows 10. The specific name of the 1 information class or the layout of the corresponding...

Windows Kernel stack memory disclosure in DeviceApi(CVE-2017-8474)

We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 10 through the PiDqIrpQueryGetResult, PiDqIrpQueryCreate, PiDqQueryCompletePendedIrp IOCTLs sent to the \Device\DeviceApi device. The analysis shown below was...

Windows Kernel stack memory disclosure in win32k!NtGdiMakeFontDir(CVE-2017-8477)

We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The attached proof of concept code which is specific to Windows 7 32-bit works by first filling a large portion of the kernel stack with a controlled...

Windows Kernel stack memory disclosure in nt!NtQueryInformationJobObject

We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the JobObjectExtendedLimitInformation information class discloses portions of uninitialized kernel stack memory to user-mode clients, due to...

Windows Kernel stack memory disclosure in nt!NtQueryInformationResourceManager(CVE-2017-8481)

We have discovered that the nt!NtQueryInformationResourceManager system call called with the 0 information class discloses portions of uninitialized kernel stack memory to user-mode clients, on Windows 7 to Windows 10. The specific name of the 0 information class or the layout of the correspondin...

Windows Kernel stack memory disclosure in win32k!NtGdiGetTextMetricsW(CVE-2017-8472)

We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other systems untested through the win32k!NtGdiGetTextMetricsW system call. The output structure used by the syscall, according to various sources, is TMWINTERNA...

Windows Kernel stack memory disclosure in nt!NtQueryInformationJobObject(CVE-2017-8479)

We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the 28 information class discloses portions of uninitialized kernel stack memory to user-mode clients. The specific name of the 28 information...

Microsoft Windows - 'nt!NtQueryInformationResourceManager (information class 0)' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1207 We have discovered that the nt!NtQueryInformationResourceManager system call called with the 0 information class discloses portions of uninitialized kernel stack memory to user-mode clients, on Windows 7 to Windows 10. The...

Microsoft Windows - nt!NtQueryInformationResourceManager (information class 0) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationResourceManager information class 0 Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1207 We have discovered that the nt!NtQueryInformationResourceManager system call called with the 0 information class...

Microsoft Windows - nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationWorkerFactory WorkerFactoryBasicInformation Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1214&desc=2 We have discovered that the nt!NtQueryInformationWorkerFactory system call called with the...

Microsoft Windows - 'nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation)' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1214&desc=2 We have discovered that the nt!NtQueryInformationWorkerFactory system call called with the WorkerFactoryBasicInformation 7 information class discloses portions of uninitialized kernel stack memory to user-mode clients...

USN-3334-1 linux-lts-xenial vulnerability

USN-3328-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the stack guard page for processes in the Linux kernel was not...

Microsoft Windows - nt!NtQueryInformationProcess (ProcessVmCounters) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationProcess ProcessVmCounters Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1190&desc=2 We have discovered that the nt!NtQueryInformationProcess system call called with the ProcessVmCounters information clas...

Microsoft Windows - nt!NtQueryInformationTransaction (information class 1) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationTransaction information class 1 Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1196 We have discovered that the nt!NtQueryInformationTransaction system call called with the 1 information class discloses...

Microsoft Windows - 'nt!NtQueryInformationTransaction (information class 1)' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1196 We have discovered that the nt!NtQueryInformationTransaction system call called with the 1 information class discloses portions of uninitialized kernel stack memory to user-mode clients, on Windows 7 to Windows 10. The...