CVE-2023-33200 Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations
A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory...
Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. "There are...
Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation
Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts the following driver versions: Midgard GPU Kernel Driver: All versions from r12p0 - r32p0; Bifrost GPU...
ARM Mali GPU Kernel Driver r44p0 Improper Memory Access (CVE-2023-34970)
The version of the Mali GPU Kernel Driver installed on the remote system is prior to r44p1 or r45p0 running on Valhall or 5th Gen architecture. It is, therefore, affected by an improper memory access vulnerability. A local non-privileged user can make improper GPU processing operations to access a...
ARM Mali GPU Kernel Driver < r44p1 Improper Memory Access (CVE-2023-33200)
The version of the Mali GPU Kernel Driver installed on the remote system is prior to r44p1 or r45p0 running on Bifrost, Valhall or 5th Gen architecture. It is, therefore, affected by an improper memory access vulnerability. A local non-privileged user can make improper GPU processing operations to...
CVE-2023-4211 Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory...
A vulnerability in the win32kfull driver of the Windows GDI component allows attackers to escalate privileges.
The vulnerability in the win32kfull driver of the Windows GDI component on Windows operating systems is a use-after-free: memory is used after it has been freed. Exploiting this vulnerability can allow an attacker to escalate their privileges...
CVE-2023-40218
An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application...
Integer overflow
An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application...
kernel: Linux kernel iavf driver: Denial of Service via use-after-free vulnerability
A flaw was found in the Linux kernel's iavf driver. A local user with administrative capabilities can exploit a use-after-free vulnerability, caused by a mismatch in network interface NAPI list management functions. This can lead to dangling NAPI entries, resulting in a kernel crash and a Denial ...
CVE-2023-40218
CVE-2023-40218 affects Samsung Exynos Mobile Processor NPU kernel driver. The issue is an integer overflow in the kernel driver that can bypass detection of error cases when a crafted application is used. Affected devices include Exynos 9820, 980, 2100, 2200, 1280, and 1380. The impact is describ...
PT-2023-27334 · Samsung · Samsung Mobile Processor Exynos
Name of the Vulnerable Software and Affected Versions: Samsung Exynos Mobile Processor versions 1280, 1380, 2100, 2200, 980, 9820 Description: An issue was discovered in the NPU kernel driver, allowing an integer overflow to bypass detection of error cases via a crafted application...
SAMSUNG Exynos Input Validation Error Vulnerability
SAMSUNG Exynos is an Arm architecture-based SoC processor developed and manufactured by Samsung Mobile, a South Korean company. A security vulnerability exists in SAMSUNG Exynos, which is caused by an integer overflow in the kernel driver that can be exploited by a crafted application to bypass...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5917)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5917 advisory. 4.1.12-124.44.4.1 - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040806 CVE-2020-8694 CVE-2020-8695 Tenable has extracte...
Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL
Overview: Some of the Windows kernel drivers provided by Phoenix Technologies Inc. are vulnerable to insufficient access control on their IOCTL (CWE-782, CVE-2023-35841). Takahiro Haruyama of VMware reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact: By sending a...
Exploit for CVE-2023-20562
HITCON 2023 Demo CVE-2023-20562 Description This demonstra...
CVE-2023-28576 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after the kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...