Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=772 In IOAccelContext2::clientMemoryForType the lockbusy/unlockbusy should be extended to cover all the code setting up shared memory type 2. At the moment the lock doesn't protect two threads racing where one reaches the release...

Oracle MySQL Multiple Unspecified Vulnerabilities - 20 (Jun 2016) - Linux

Oracle MySQL is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel security and bug fix update

3.10.0-327.18.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.18.2 - lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758 3.10.0-327.18.1 - scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342 - mm madvise: fix...

DEBIAN-CVE-2016-2547

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service race condition, use-after-free, and system crash via a crafted ioctl call...

Race condition

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service race condition, use-after-free, and system crash via a crafted ioctl call...

CVE-2016-2547

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service race condition, use-after-free, and system crash via a crafted ioctl call...

OpenSSH < 6.9 Multiple Vulnerabilities

Binary data 9308.prm...

CVE-2016-0667

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking...

CVE-2016-0667

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking...

Design/Logic Flaw

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking...

CVE-2016-0667

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking...

CVE-2016-0667

CVE-2016-0667 affects Oracle MySQL Server 5.7.11 and earlier, with an unspecified vulnerability in the Locking component that allows local users to impact availability. The description does not specify a patch or workaround in the provided documents; no explicit exploitation details are given.

CVE-2016-0667

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking...

CVE-2016-0667

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking...

Oracle MySQL Server: Locking Subcomponent Denial of Service Vulnerability

Oracle MySQL is an open source relational database management system from Oracle. This database system is characterized by high performance, low cost and good reliability. A denial of service vulnerability exists in the Server: Locking subcomponent of Oracle MySQL 5.7.11 and earlier versions. A...

UBUNTU-CVE-2016-0667

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking...

Apple iOS Messages Message Disclosure Vulnerability

Apple iOS, OS X, and watchOS are all products of Apple Inc. Apple iOS is an operating system developed for mobile devices; watchOS is a smartwatch operating system; and Apple OS X is an Apple operating system. An information disclosure vulnerability exists in the implementation of Messages in iOS...

Apple Mac OSX Kernel - Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver

Apple Mac OSX Kernel - Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=708 The external methods IGAccelGLContext::unmapusermemory and IGAccelCLContext::unmapusermemory take an 8 byte struct input whi...

Apple Mac OSX - Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=708 The external methods IGAccelGLContext::unmapusermemory and IGAccelCLContext::unmapusermemory take an 8 byte struct input which is a user-space pointer previously passed to the...

Apple Mac OSX Kernel - Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=708 The external methods IGAccelGLContext::unmapusermemory and IGAccelCLContext::unmapusermemory take an 8 byte struct input which is a user-space pointer previously passed to the equivilent mapusermemory method. The Context...