Lucene search
1658 matches found

OSV
added 2017/12/27 5:8 p.m. | 0 views

UBUNTU-CVE-2017-17855

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars...

CVSS 7.8 | AI score 6.9 | EPSS 0.00104
Exploits 0 | References 4

Debian CVE
added 2017/12/23 4:0 a.m. | 30 views

CVE-2017-17855

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars...

CVSS 7.8 | AI score 7.3 | EPSS 0.00104
Exploits 0

ATTACKERKB
added 2017/12/21 3:29 a.m. | 4 views

CVE-2017-17819

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated...

CVSS 5.5 | AI score 5.5 | EPSS 0.00198
Exploits 1 | References 5

OSV
added 2017/12/21 3:29 a.m. | 1 views

DEBIAN-CVE-2017-17819

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated...

CVSS 5.5 | AI score 6.2 | EPSS 0.00198
Exploits 1 | References 1

Debian CVE
added 2017/12/21 3:0 a.m. | 21 views

CVE-2017-17819

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated...

CVSS 5.5 | AI score 6.6 | EPSS 0.00198
Exploits 1

CVE
added 2017/12/21 3:0 a.m. | 73 views

CVE-2017-17819

CVE-2017-17819 affects Netwide Assembler (NASM) 2.14rc0. The issue is an illegal address access in find_cc() within asm/preproc.c, caused by failure to validate pointers associated with skip_white_ calls. This can enable a remote denial of service attack. The vulnerability is tied to NASM-2.14rc0...

CVSS 5.5 | AI score 6 | EPSS 0.00198
Exploits 1 | References 3 | Affected Software 1

CNVD
added 2017/12/21 12:0 a.m. | 1 views

Netwide Assembler 'find_cc()' Function Illegal Address Access Vulnerability

Netwide Assembler NASM is a Linux-based assembler that creates binaries and writes bootloaders. A security vulnerability in the 'find_cc' function in the asm/preproc.c file in NASM version 2.14rc0 stems from the program's failure to validate pointers associated with skip_white_ calls. A remote...

CVSS 5.5 | AI score 6.8 | EPSS 0.00198
Exploits 1 | References 1

UbuntuCve
added 2017/12/20 12:0 a.m. | 25 views

CVE-2017-17819

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated...

CVSS 5.5 | AI score 6.8 | EPSS 0.00198
Exploits 1 | References 2

OSV
added 2017/12/20 12:0 a.m. | 1 views

UBUNTU-CVE-2017-17819

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated...

CVSS 5.5 | AI score 6.7 | EPSS 0.00198
Exploits 1 | References 3

seebug.org
added 2017/12/15 12:0 a.m. | 49 views

MacOS getrusage stack leak through struct padding (CVE-2017-13869)

For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64_rusage using munge_user64_rusage, then copies the struct user64_rusage to userspace: int getrusage(struct proc *p, struct getrusage_args *uap, __unused int32_t *retval) { struct rusage *rup, rubuf; struct user64_rusage...

AI score 6.6 | EPSS 0.07328
Exploits 3

0day.today
added 2017/12/12 12:0 a.m. | 51 views

macOS getrusage Stack Leak Exploit

Exploit for macOS platform in category dos / poc MacOS getrusage stack leak through struct padding CVE-2017-13869 For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64_rusage using munge_user64_rusage, then copies the struct user64_rusage to userspace: int...

CVSS 4.3 | AI score 6.4 | EPSS 0.07328
Exploits 3

Hacker One
added 2017/12/11 3:51 p.m. | 44 views

Internet Bug Bounty: Exim use-after-free vulnerability while reading mail header involving BDAT commands

Original article is here Use-after-free in receive_msg leads to RCE Vulnerability Analysis To explain this bug, we need to start with the memory management of exim. There is a series of functions starts with store_ such as store_get, store_release, store_reset. These functions are used to manage...

CVSS 7.5 | AI score 9.4 | EPSS 0.74526
Exploits 6

exploitpack
added 2017/12/11 12:0 a.m. | 40 views

Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures

Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proc_list_uptrs has the following comment in its userspace header: / Enumerate potential...

AI score 7.2
Exploits 0

Exploit DB
added 2017/12/11 12:0 a.m. | 32 views

Apple macOS - 'getrusage' Stack Leak Through struct Padding

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1405 For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64_rusage using munge_user64_rusage, then copies the struct user64_rusage to userspace: int getrusage(struct proc *p, struct getrusage_arg...

AI score 7.4
Exploits 0

Exploit DB
added 2017/12/11 12:0 a.m. | 70 views

Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proc_list_uptrs has the following comment in its userspace header: / Enumerate potential userspace pointers embedded in kernel data structures. Currently inspects kqueues only. NOTE: returned "pointers"...

AI score 7.4
Exploits 0

Tenable Nessus
added 2017/12/11 12:0 a.m. | 68 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3657 advisory. - mm: Tighten x86 /dev/mem with zeroing reads Kees Cook Orabug: 26675925 CVE-2017-7889 - more bio_map_user_iov leak fixes Al Viro Orabug: 27069042...

CVSS 8.8 | AI score 7.5 | EPSS 0.25699
Exploits 51 | References 3

exploitpack
added 2017/12/11 12:0 a.m. | 28 views

Apple macOS - getrusage Stack Leak Through struct Padding

Apple macOS - getrusage Stack Leak Through struct Padding / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1405 For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64_rusage using munge_user64_rusage, then copies the struct user64_rusage to...

AI score 0.1
Exploits 0

Cvelist
added 2017/12/09 6:0 a.m. | 17 views

CVE-2017-16364

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entrie...

AI score 8.8 | EPSS 0.08675
Exploits 0 | References 3

Prion
added 2017/12/05 5:29 p.m. | 15 views

Design/Logic Flaw

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left uncleared...

CVSS 4.6 | AI score 7.7 | EPSS 0.00016
Exploits 0 | References 1

CNVD
added 2017/11/21 12:0 a.m. | 3 views

Trusted Boot Arbitrary Code Execution Vulnerability

Trusted Boot (tboot) is an open source pre-kernel/vmm module that supports booting OS kernels/VMMs after measurement and determination utilizing Intel TXT technology. An arbitrary code execution vulnerability exists in Boot 1.9.6 and earlier versions, which stems from a program's failure to validat...

CVSS 7.8 | AI score 7.5 | EPSS 0.00117
Exploits 0 | References 1