111 matches found
FinalWire AIDA64 Code Execution Vulnerability
FinalWire AIDA64 is a system information, diagnostic and auditing program from the Hungarian company FinalWire that runs on the Microsoft Windows platform. A security vulnerability exists in the kerneld.sys file in FinalWire AIDA64 versions prior to 5.99. An attacker can exploit the vulnerability...
CVE-2019-7630
An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation o...
CVE-2019-7240
An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges...
CVE-2018-18535
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers MSRs. This could be leveraged to execute arbitrary ring-0 code...
ASUS Aura Sync Arbitrary Code Execution Vulnerability
ASUS Aura Sync is a suite of lighting management software from ASUS. An arbitrary code execution vulnerability exists in ASUS Aura Sync version 1.07.22. A local attacker can exploit this vulnerability to execute arbitrary ring-0 code...
Arbitrary Code Execution Vulnerability in Multiple GIGABYTE Products (CNVD-2018-26459)
GIGABYTE APP Center and others are products of GIGABYTE Technology, a Chinese company. GIGABYTE APP Center is a software program for managing and updating GIGABYTE's product utility programs. AORUS GRAPHICS ENGINE is a software program for overclocking graphics cards. An arbitrary code execution...
Arbitrary Code Execution Vulnerability in Multiple GIGABYTE Products
GIGABYTE APP Center and others are products of GIGABYTE Technology, a Chinese company. GIGABYTE APP Center is a software program for managing and updating GIGABYTE's product utility programs. AORUS GRAPHICS ENGINE is a software program for overclocking graphics cards. An arbitrary code execution...
CVE-2018-10711
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers MSRs. This could be leveraged to execute arbitrary ring-...
kernel: execution in the early microcode loader
A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel ring0 level, bypassing intended restrictions in place...
Linux Kernel 2.4.x/2.6.x Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12837/info The Linux kernel is reported prone to multiple vulnerabilities that occur because of range-checking flaws present in the ISO9660 handling routines. An attacker may exploit these issues to trigger kernel-based...
kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
The kvmemulatehypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service guest kernel crash and...