764 matches found
Microsoft Windows - 'win32k!NtGdiMakeFontDir' Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1191 We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The attached proof of concept code (which is specific to Windows 7 32-bit) works...
Microsoft Windows - 'win32k!ClientPrinterThunk' Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1186 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 (other platforms untested) indirectly through the win32k!NtGdiOpenDCW system call. The...
Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 28)' Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1194 We have discovered that the nt!NtQueryInformationJobObject system call (corresponding to the documented QueryInformationJobObject API function) called with the 28 information class discloses portions of uninitialized kernel...
Microsoft Windows - win32k!ClientPrinterThunk Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1186 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 (other...
Microsoft Windows - win32k!NtGdiMakeFontDir Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1191 We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The...
Microsoft Windows - win32k!NtGdiGetRealizationInfo Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1181 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7-10...
Microsoft Windows - nt!NtQueryInformationTransaction (information class 1) Kernel Stack Memory Discl
Exploit for Windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1196 We have discovered that the nt!NtQueryInformationTransaction system call called with the 1 information class discloses portions of uninitialized kernel stack memory to...
Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessVmCounters)' Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1190&desc=2 We have discovered that the nt!NtQueryInformationProcess system call called with the ProcessVmCounters information class discloses portions of uninitialized kernel stack memory to user-mode clients, due to output...
Microsoft Windows - 'win32k!NtGdiGetTextMetricsW' Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1180 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 (other systems untested) through the win32k!NtGdiGetTextMetricsW system call. The output...
Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 12)' Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1193 We have discovered that the nt!NtQueryInformationJobObject system call (corresponding to the documented QueryInformationJobObject API function) called with the 12 information class discloses portions of uninitialized kernel...
Microsoft Windows - win32k!NtGdiGetTextMetricsW Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1180 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 (other...
Microsoft Windows - nt!NtQueryInformationJobObject (information class 12) Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1193 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented...
Microsoft Windows - nt!NtQueryInformationJobObject (information class 28) Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1194 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented...
Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call (accessible via a documented GetObject API function) to user-mo...
Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1179 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7-10 through the win32k!NtGdiGetOutlineTextMetricsInternalW system call. The system call...
Apple macOS - 'stackshot' Raw Frame Pointers (CVE-2017-2516)
This is an issue that allows unentitled root to read kernel frame pointers, which might be useful in combination with a kernel memory corruption bug. By design, the syscall stack_snapshot_with_config permits unentitled root to dump information about all user stacks and kernel stacks. While a target...
Ubuntu 11.10/12.04 - binfmt_script Stack Data Disclosure Vulnerability
Exploit for Linux platform in category dos / poc. Source: http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/ Introduction. Problem description: Linux kernel binfmt_script handling in combination with CONFIG_MODULES can lead to disclosure of kernel stack data during execv...
kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash
Linux kernel built with the 802.1Q/802.1ad VLAN (CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network (CONFIG_VXLAN) with Transparent Ethernet Bridging (TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could...
Design/Logic Flaw
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
CVE-2016-9756
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...