1349 matches found
Samsung Android JACK - Local Privilege Escalation
Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=796 https://bugs.chromium.org/p/project-zero/issues/detail?id=795 The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to be...
Samsung Android JACK - Local Privilege Escalation
Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=796 https://bugs.chromium.org/p/project-zero/issues/detail?id=795 The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to be designed for single-user usage. The common JACK...
The vulnerability of Google Chrome browser allows a malicious actor to trigger a service failure.
Google Chrome browser contains a vulnerability related to integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc. Exploiting this vulnerability allows malicious actors to cause service failures or other effects on th...
Google Chrome - GPU Process MailboxManagerImpl Double-Read
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=780 Several functions in the GPU command buffer service interact with the GPU mailbox manager (gpu/command_buffer/service/mailbox_manager_impl.cc), passing a reference to shared...
Google Chrome - GPU Process MailboxManagerImpl Double-Read
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=780 Several functions in the GPU command buffer service interact with the GPU mailbox manager (gpu/command_buffer/service/mailbox_manager_impl.cc), passing a reference to shared memory as the mailbox argument. MailboxManagerImpl does no...
Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=772 In IOAccelContext2::clientMemoryForType the lock_busy/unlock_busy should be extended to cover all the code setting up shared memory type 2. At the...
Hewlett Packard Enterprise LoadRunner Shared Memory Name Construction Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within mchan.dll when constructing a shared memory file name. The issue...
Foxit Reader Foxit Cloud Update Service Privilege Gain Vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. Foxit Cloud Update Service (FoxitCloudUpdateService) is one of the cloud update services. A privilege acquisition vulnerability exists in the Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader versions 6.1...
Fedora 23 : xen-4.5.2-6.fc23 (2015-d8253e2b1d)
paravirtualized drivers incautious about shared memory contents [XSA-155, CVE-2015-8550]; qemu-dm buffer overrun in MSI-X handling [XSA-164, CVE-2015-8554]; information leak in legacy x86 FPU/XMM initialization [XSA-165, CVE-2015-8555]; ioreq handling possibly susceptible to multiple read issue [XSA-166] No...
openSUSE Security Update : xen (openSUSE-2016-36)
This update for xen fixes the following issues: CVE-2015-8567, CVE-2015-8568: xen: qemu: net: vmxnet3: host memory leakage boo959387; CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988; CVE-2015-8558: xen: qemu: usb: infinite loop in...
openSUSE Security Update : xen (openSUSE-2016-35)
This update for xen fixes the following security issues: CVE-2015-8568, CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage boo959387; CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988; CVE-2015-8558: xen: qemu: usb: infinite loop i...
Adobe Reader and Acrobat Pro elevation of privilege vulnerability analysis (CVE-2015-5090)
0x01 Introduction: CVE-2015-5090 is a bug in Adobe Reader/Acrobat Pro that was found and submitted to ZDI a few months ago. This article mainly covers the details of this bug and shares several different attack methods. AdobeARMService Adobe updates, in Adobe...
FreeBSD : xen-kernel -- ioreq handling possibly susceptible to multiple read issue (6aa2d135-b40e-11e5-9728-002590263bf5)
The Xen Project reports: Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device...
Foxit FoxitCloudUpdateService Local Elevation of Privilege Vulnerability
Foxit Reader is a small PDF document viewer and printing program. A security vulnerability exists in the FoxitCloudUpdateService of Foxit Reader. A remote attacker writing certain data in a shared memory area can trigger a memory corruption, leading to the execution of arbitrary code in the syste...
ioreq handling possibly susceptible to multiple read issue
ISSUE DESCRIPTION: Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device model fo...
paravirtualized drivers incautious about shared memory contents
ISSUE DESCRIPTION: The compiler can emit optimizations in the PV backend drivers which can lead to double fetch vulnerabilities. Specifically, the shared memory between the frontend and backend can be fetched twice, during which time the frontend can alter the contents, possibly leading to arbitrary...
UBUNTU-CVE-2015-8550
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability...
xen-kernel -- ioreq handling possibly susceptible to multiple read issue
The Xen Project reports: Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device...
kernel: Unauthorized access to IPC objects with SysV shm
A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to...
kernel: Unauthorized access to IPC objects with SysV shm
A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to...