UBUNTU-CVE-2017-15847

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel...

CVE-2017-15848

CVE-2017-15848 affects Android for MSM (CAF builds) via the fastrpc kernel driver. A userspace-triggered buffer overflow in the fastrpc driver is the stated vulnerability, potentially enabling local impact with high CVSS2/3 scores (LOCAL, LOW/LOW privileges for CVSS2; LOCAL, LOW privileges, NONE ...

CVE-2017-15847

CVE-2017-15847. A race condition in the SPCom kernel driver on Android for MSM (CAF Linux kernel lineage) during channel creation. Affected: Android variants using CAF/Linux kernel with SPCom. Impact per NVD: partial confidentiality/integrity/availability impact; CVSSv3 base score 7.0 (HIGH), LOC...

Kingsoft Antivirus / Internet Security 9+ Privilege Escalation

''' Vulnerability Summary The following advisory describes a kernel stack buffer overflow that leads to privilege escalation found in Kingsoft Antivirus/Internet Security 9+. Kingsoft Antivirus aprovides effective and efficient protection solution at no cost to users. It applies cloud security...

CVE-2018-5082

In K7 AntiVirus 15.1.0306, the driver file K7FWHlpr.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128...

CVE-2018-5087

In K7 AntiVirus 15.1.0306, the driver file K7FWHlpr.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100...

MacOS LPE Exploit Gives Attackers Root Access

A researcher that goes by the handle “Siguza” released details of a local privilege escalation attack against macOS that dates back to 2002. A successful attack could give adversaries complete root access to targeted systems. Siguza released details of the attack on Dec. 31 via Twitter, wishing...

Kingsoft Antivirus/Internet Security 9+ Privilege Escalation Exploit

Exploit for windows platform in category dos / poc Vulnerability Summary The following advisory describes a kernel stack buffer overflow that leads to privilege escalation found in Kingsoft Antivirus/Internet Security 9+. Kingsoft Antivirus “provides effective and efficient protection solution at...

CVE-2017-17803

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file VIRAGTLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475...

K7 Antivirus K7Sentry.sys Denial of Service Vulnerability (CNVD-2018-01083)

K7 Antivirus is a suite of anti-virus software from the Indian company K7 Computing.K7Sentry.sys is one of the kernel-mode drivers used in K7 Computing's security products. A security vulnerability exists in K7 Antivirus version 15.1.0309 in K7Sentry.sys version 15.1.0.59. An attacker can exploit...

K7 AntiVirus Null Pointer Dereference Vulnerability (CNVD-2018-00251)

K7 Antivirus is a suite of anti-virus software from the Indian company K7 Computing.K7Sentry.sys is one of the kernel-mode drivers used in K7 Computing's security products. A security vulnerability exists in K7 Antivirus version 15.1.0309 in K7Sentry.sys version 15.1.0.59. An attacker can exploit...

Race condition

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur...

Google Android NVIDIA component elevation of privilege vulnerability (CNVD-2017-36938)

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and NVIDIA driver is a graphics driver developed by NVIDIA. An elevation of privilege vulnerability exists in the NVIDIA driver for Android, which stems from the program's failure to...

Symantec Encryption Desktop And Endpoint Encryption Local Privilege Escalation

Vulnerabilities in Symantec Encryption Desktop and Endpoint Encryption allow an attacker to attain arbitrary hard disk read and write access at sector level, and subsequently infect the target and gain low level persistence MBR/VBR. They also allow the attacker to execute code in the context of t...

Buffer overflow

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range...

Interface Aware Fuzzing for Kernel Drivers: DIFUZE

Device drivers are an essential part in modern Unix-like systems to handle operations on physical devices, from hard disks and printers to digital cameras and Bluetooth speakers. The surge of new hardware, particularly on mobile devices, introduces an explosive growth of device drivers in system...

CPUID CPU-Z Arbitrary Read/Write Privilege Elevation Vulnerability

CPUID CPU-Z is a free software package for collecting information about system devices. A security vulnerability exists in versions of CPUID CPU-Z prior to 1.43, which originates from a program that can send ioctl 0x9C402430 calls to the kernel mode driver to exploit the vulnerability by writing ...

CVE-2017-15303

In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine while CPU-Z is running can issue an ioctl 0x9C402430 call to the kernel-mode driver e.g., cpuz141x64.sys for version 1.41...

CVE-2017-15302

In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver e.g., cpuz143x64.sys for version 1.43 that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on t...

CVE-2017-8694

The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to...