📄 macOS 18.3.2 Kernel Privilege Escalation

macOS version 18.3.2 proof of concept exploit for an old kernel related privilege escalation vulnerability. A critical memory management vulnerability exists within the macOS XNU kernel's handling of the VMBEHAVIORZEROWIREDPAGES behavior flag. The issue arises from improper sequence validation wh...

EUVD-2022-55268

Malicious code in bioql PyPI...

CVE-2022-49989

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix error exit of privcmdioctldmop The error exit of privcmdioctldmop is calling unlockpages potentially with pages being NULL, leading to a NULL dereference. Additionally lockpages doesn't check for pinuserpagesfast...

CVE-2022-49989 xen/privcmd: fix error exit of privcmd_ioctl_dm_op()

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix error exit of privcmdioctldmop The error exit of privcmdioctldmop is calling unlockpages potentially with pages being NULL, leading to a NULL dereference. Additionally lockpages doesn't check for pinuserpagesfast...

PT-2025-25915 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the error exit of privcmd ioctl dm op in the Linux kernel, specifically in the xen/privcmd module. This error exit potentially calls unlock pages with pages bei...

CVE-2025-27484

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges over a network...

CVE-2025-27482

Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network...

Windows Kernel Elevation of Privilege Vulnerability

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally...

Windows Graphics Component Elevation of Privilege Vulnerability

Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

PT-2025-15524

Name of the Vulnerable Software and Affected Versions Windows versions affected versions not specified Description A flaw exists in the Windows TCP/IP stack related to the improper locking of memory containing sensitive data. This allows a remote, unauthorized attacker to execute arbitrary code...

CVE-2025-24045

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network...

CVE-2025-24035

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network...

CVE-2024-45818

The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the virtual VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a problem when emulatin...

DEBIAN-CVE-2024-45818

The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the virtual VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a problem when emulatin...

Xen 安全漏洞

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from a...

SUSE CVE-2015-8340

The memoryexchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service deadlock or host crash via unspecified vectors, related to XENMEMexchange error handling...

SUSE CVE-2017-18221

The munlockpagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service NRMLOCK accounting corruption via crafted use of mlockall and munlockall system calls...

libvirt security, bug fix, and enhancement update

8.5.0-7.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 8.5.0-7 - securityselinux: Dont ignore NVMe disks when setting image label rhbz2121441 8.5.0-6 - qemuprocess: Destroy domains namespace after killing QEMU rhbz2121141 8.5.0-5 - rpc: Pass OPENSSLCONF through to ssh invocations...

PT-2024-11145 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns the requirement of write permissions for locking and badblock ioctls in the Linux kernel. Specifically, MEMLOCK, MEMUNLOCK, and OTPLOCK modify protection bits and th...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3655-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3655-1 advisory. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a...