1696 matches found
Design/Logic Flaw
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0...
CVE-2023-28147
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and...
Design/Logic Flaw
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and...
CVE-2023-28469
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0...
CVE-2023-28469
The CVE-2023-28469 issue is a use-after-free in the Arm Mali GPU Kernel Driver. A non-privileged user could perform improper GPU processing to access freed memory, affecting Valhall r29p0–r42p0 (before r43p0) and Arm's GPU Architecture Gen5 r41p0–r42p0 (before r43p0). Mitigation: upgrade to versi...
CVE-2023-28147
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and...
ARM Mali GPU Kernel Driver Security Vulnerability
ARM Mali GPU Kernel Driver is a driver for a graphics processor unit from ARM UK. A security vulnerability exists in the ARM Mali GPU Kernel Driver that originates from an unprivileged user being able to perform incorrect GPU processing operations to access freed memory...
CVE-2023-28147
CVE-2023-28147: Arm Mali GPU Kernel Driver contains a use-after-free in improper GPU processing operations, allowing a non-privileged user to access freed memory. Affected: Midgard (r29p0–r32p0), Bifrost (r17p0–r42p0 before r43p0), Valhall (r19p0–r42p0 before r43p0), and Arm Gen5 (r41p0–r42p0 bef...
Nidhogg - All-In-One Simple To Use Rootkit For Red Teams
Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file with simple usage; you can see an...
Platbox - UEFI And SMM Assessment Tool
UEFI and SMM Assessment Tool. Features: Platbox is a tool that helps assess the security of the platform. Dumps the platform registers that are interesting security-wise: Flash Locks, MMIO and Remapping Locks, SMM Base and Locks, MSRs. RW access to the PCI configuration space of devices. RW to physic...
WINTAPIX Kernel Driver Targeting Middle Eastern Nations
Summary: The WINTAPIX driver, protected by VMProtect, targets Saudi Arabia and other Gulf countries, possibly linked to Iranian threat actors exploiting Exchange servers for malware deployment.
Advanced BlackCat Ransomware Using Triple Extortion Tactics and Signed Kernel Driver
Summary: The BlackCat ransomware operation is a highly sophisticated and customizable threat targeting corporate environments, featuring advanced encryption, spreading capabilities, and triple extortion tactics. ...
New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East
An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. Fortinet Fortiguard Labs, which dubbed the artifact WINTAPIX (WinTapix.sys), attributed the malware with low confidence to an Iranian threat...
New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East
An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. Fortinet Fortiguard Labs, which dubbed the artifact WINTAPIX (WinTapix.sys), attributed the malware with low confidence to an Iranian threat...
BlackCat Ransomware Deploys New Signed Kernel Driver
In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase...
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerability (USN-6089-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6089-1 advisory. It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to...
kernel: iommu/vt-d: Clean up si_domain in the init_dmars() error path
A memory leak flaw was found in the Linux kernel's Intel VT-d IOMMU driver in the initialization error path. A local user can trigger this issue when the init_dmars() function fails during IOMMU setup, causing the si_domain memory to remain allocated without being freed. This results in a permanent...
CVE-2022-42465
Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2022-42465
Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2022-41784
Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access...