12 matches found
CVE-2026-31781
In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...
CVE-2026-31781
CVE-2026-31781 concerns the Linux kernel drm/ioc32 compat ioctl path, where a user-controlled pointer was used to index a table of function pointers (spectre-like pattern). The issue is mitigated by applying array_index_nospec on the index to the function-pointer list, as described in the fix. Co...
PT-2026-36416
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The drm compat ioctl path accepts a user-controlled pointer and dereferences it into a table of function pointers. This pattern is characteristic of Spectre problems, which are...
EUVD-2010-2747
Malware in sbrugna...
CVE-2022-49760 mm/hugetlb: fix PTE marker handling in hugetlb_change_protection()
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlbchangeprotection Patch series "mm/hugetlb: uffd-wp fixes for hugetlbchangeprotection". Playing with virtio-mem and background snapshots using uffd-wp on hugetlb in QEMU, I managed to...
Design/Logic Flaw
tftpserver.exe in HP Intelligent Management Center IMC 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a 1 large or 2 invalid opcode field, related to a function pointer table...
CVE-2010-2743
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, a...
Hardcoded credentials
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, a...
[Full-disclosure] IE crash
I can't find any info on this delicious IE bug, but it seems to be publicly known: input type="checkbox" id='c' script r=document.getElementById"c"; a=r.createTextRange; /script It will badly access a virtual? pointer table, making EIP to jump at a random address. This has various effects on the...
Microsoft Internet Explorer 6 - mshtml.dll checkbox Crash
Microsoft Internet Explorer 6 - mshtml.dll checkbox Crash r=document.getElementById"c"; a=r.createTextRange; milw0rm.com 2006-03-22...
MS Internet Explorer 6.0 (mshtml.dll checkbox) Crash
No description provided by source. !-- Stelian Ene: I can't find any info on this delicious IE bug, but it seems to be publicly known: It will badly access a virtual? pointer table, making EIP to jump at a random address. This has various effects on the system I've tested with, including crashing...
Microsoft Internet Explorer 6 - 'mshtml.dll checkbox' Crash
r=document.getElementById"c"; a=r.createTextRange; milw0rm.com 2006-03-22...