CVE-2018-20788
drivers/leds/leds-aw2023.c in the LED driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone has several integer overflows because of a left-shifting operation when the right-hand operand can be equal to or greater than the integer length. This can be exploited by a crafted...
CVE-2018-20787
Affected software: ft5x46 touchscreen driver used in custom Linux kernels on the Xiaomi perseus-p-oss MIX 3. The issue is an integer overflow in tpdbg_write within drivers/input/touchscreen/ft5x46/ft5x46_ts.c caused by missing checks on the size argument, leading to an OOPS. Impact is a potential...
CVE-2019-9111
CVE-2019-9111 affects the msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3. The vulnerability is an integer overflow in sde_evtlog_filter_write (drivers/gpu/drm/msm/sde_dbg.c) caused by missing checks of the count argument, leading to an OOPS and potential device crash vi...
CVE-2019-9112
The CVE-2019-9112 vulnerability affects the MSM GPU driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device (through 2018-11-26). It is caused by an integer overflow due to missing checks of the count argument in _sde_debugfs_conn_cmd_tx_write within drivers/gpu/drm/msm/sde/sde_c...
Privilege Escalation
mod_wsgi is vulnerable to privilege escalation attacks. The vulnerability exists because the mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via...
PT-2018-3842 · Oracle +2 · Oracle Linux Kernels +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified); Oracle Linux kernels (affected versions not specified). Description: The issue is related to incorrect clearance or release of resources in the Linux operating system kernel. It may allow a remote...
CVE-2018-19939
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c...
CVE-2018-19939
The CVE-2018-19939 entry concerns the Goodix GT9xx touchscreen driver used in Xiaomi Mi A2 Lite and RedMi6 pro on custom Linux kernels up to 2018-08-27. Root cause: NULL pointer dereference in kfree following a kmalloc failure in gtp_read_Color within drivers/input/touchscreen/gt917d/gt9xx.c. Imp...
USN-3816-3: systemd regression
USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954...
Kernel update: Virtuozzo ReadyKernel patch 66.0 for Virtuozzo 7.0.4 to 7.0.8 HF1
The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to all supported Virtuozzo kernels. NOTE: No more patches are planned for kernel 3.10.0-514.16.1.vz7.30.10, support for which ends with this update. Vulnerability id: PSBM-89050 cleancache: missing...
Kernel update: Virtuozzo ReadyKernel patch 63.0 for Virtuozzo 7.0.4 to 7.0.8 HF1
The cumulative Virtuozzo ReadyKernel patch was updated with a stability fix. The patch applies to all supported Virtuozzo kernels. Vulnerability id: PSBM-88809 Potential kernel crash in ext4closepfcache...
CVE-2018-11886
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and then to buffer overflow in WLAN function...
CVE-2018-11832
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow...
Microsoft Windows POP/MOV SS Local Privilege Elevation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/post/windows/priv' require 'msf/core/post/windows/registry' require 'msf/core/exploit/exe'...
SUSE-SU-2018:1935-1 Recommended update for ucode-intel
The Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigate CVE-2018-3639 (Spectre v4) (bsc#1100147, bsc#1087082, bsc#1087083). More information on:...
Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation
Credit @bleidl, this is a slight modification to his original POC https://github.com/brl/grlh/blob/master/get-rekt-linux-hardened.c For details on how the exploit works, please visit https://ricklarabee.blogspot.com/2018/07/ebpf-and-analysis-of-get-rekt-linux.html Tested on Ubuntu 16.04 with th...
PT-2018-17205 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11. Description: A race condition in the ns_get_path function in fs/nsfs.c can lead to a Use After Free condition when accessing files. This issue also affects Android releases from CAF using the Linux kernel...
Detecting Kernel Memory Disclosure – Whitepaper
Posted by Mateusz Jurczyk, Project Zero. Since early 2017, we have been working on Bochspwn Reloaded – a piece of dynamic binary instrumentation built on top of the Bochs IA-32 software emulator, designed to identify memory disclosure vulnerabilities in operating system kernels. Over the course of...