1340 matches found
Android - binder Use-After-Free via racy Initialization of ->allow_user_free
The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. The binder driver permits userspace to free buffers in the kernel-managed shared...
Android - binder Use-After-Free via racy Initialization of ->allow_user_free
Android - binder Use-After-Free via racy Initialization of ->allow_user_free The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. The binder...
Android - binder Use-After-Free via racy Initialization of ->allow_user_free Exploit
Android - binder Use-After-Free via racy Initialization of ->allow_user_free Exploit The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. Th...
CVE-2019-6208
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes...
CVE-2019-6205
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes...
Memory corruption
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes...
Apple iOS, tvOS and macOS Kernel Memory Initialization Vulnerability
Apple iOS is an operating system developed for mobile devices; macOS Sierra, macOS High Sierra, and macOS Mojave are different versions of a specialized operating system developed for Mac computers; tvOS is a smart TV operating system. Kernel is one of the kernel components. A security...
Apple iOS, macOS and tvOS Kernel Memory Corruption Vulnerability
Apple iOS is an operating system developed for mobile devices; macOS Sierra, macOS High Sierra, and macOS Mojave are different versions of a specialized operating system developed for Mac computers; tvOS is a smart TV operating system. Kernel is one of the kernel components. A security...
Information Disclosure
Qt is vulnerable to information disclosure attacks. The vulnerability exists as the QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local...
Insecure Authorization
openjdk is vulnerable to insecure authorization. The 2D component created shared memory segments with insecure permissions, allowing a local attacker to exploit the vulnerability to read or write to the shared memory segment...
Virtuozzo 7 : readykernel-patch (VZA-2018-080)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - Use-after-free in the implementation of the shared memory. A flaw was found in the implementation of the shared memory...
Linux: Check options for /dev/shm directory
/dev/shm implements traditional shared memory concept. It is an efficient means of passing data between programs. This script tests options set on /dev/shm filesystem. Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
When the mmap syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the calling process. It does this with the following code: int prot = uap->prot; ... if ((prot & PROT_WRITE) && ((fp->f_flag & FWRITE) == 0)) return(EPERM);...
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection When the mmap syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the calling process. It does this with the following code: int prot =...
XNU POSIX Shared Memory Mapping Issue
XNU: POSIX shared memory mappings have incorrect maximum protection CVE-2018-4435 When the mmap syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the calling process. It does this with the following code: int...
XNU POSIX Shared Memory Mapping Issue Exploit
Exploit for multiple platform in category local exploits XNU: POSIX shared memory mappings have incorrect maximum protection CVE-2018-4435 When the mmap syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the...
Apple macOS shm Uninitialized Data Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handlin...
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege (Master) Platform: Windows 10 1803 (not tested earlier, although code looks similar on Win8+) Class: Elevation of Privilege Note, this is the master issue report for th...
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege (Master) Platform: Windows 10 1803 (not tested earlier, although code looks similar on Win8+) Class: Elevation of Privilege Note, this is the master issue report for the DfMarshal...