UBUNTU-CVE-2019-9893
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators LT, GT, LE, GE, which might be able to lead to bypassing seccomp filters and potential privilege escalations...
CVE-2019-9112
The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in _sde_debugfs_conn_cmd_tx_write in drivers/gpu/drm/msm/sde/sde_connector.c. This is exploitable for a device crash vi...
CVE-2018-20787
The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the size argument in tp_dbg_write in drivers/input/touchscreen/ft5x46/ft5x46_ts.c. This is exploitable for a device crash v...
CVE-2019-9111
The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in _sde_evtlog_filter_write in drivers/gpu/drm/msm/sde_dbg.c. This is exploitable for a device crash via a syscall by...
Android Kernel < 4.8 - ptrace seccomp Filter Bypass Exploit
/ The seccomp(2) manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older kernels, seccomp-based sandboxes must not allow use of ptrace(2), even of other sandboxed...
macOS Reverse TCP Port 4444 IPv6 Shellcode (119 bytes)
/ Title: macOS - Reverse ::1:4444/TCP Shell /bin/sh +IPv6 Shellcode 119 bytes Tested: macOS 10.14.1 Author: Ken Kitahara Compilation: gcc -o loader loader.c dev:works devuser$ sw_vers ProductName: Mac OS X ProductVersion: 10.14.1 BuildVersion: 18B75 dev:works devuser$ cat ipv6rev.s section .text...
Android - binder Use-After-Free via fdget() Optimization Exploit
Android - binder Use-After-Free via fdget Optimization Exploit This bug report describes two different issues in different branches of the binder kernel code. The first issue is in the upstream Linux kernel, commit 7f3dc0088b98 "binder: fix proc-files use-after-free"; the second issue is in the...
Android - binder Use-After-Free of VMA via race Between reclaim and munmap
The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. There is a race condition between the direct reclaim path enters binder through the...
FreeBSD-SA-19:01.syscall
FreeBSD-SA-19:01.syscall Security Advisory The FreeBSD Project Topic: System call kernel data register leak Category: core Module: kernel Announced: 2019-02-05 Credits:...
FreeBSD -- System call kernel data register leak
Problem Description: The callee-save registers are used by the kernel, and for some of them (%r8, %r10, and for non-PTI configurations, %r9) the content is not sanitized before return from syscalls, potentially leaking sensitive information. Impact: Typically an address of some kernel data structure use...
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0222-1) (Spectre)
The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via...
SUSE-SU-2019:0150-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with...
openSUSE: Security Advisory for kernel (openSUSE-SU-2018:4133-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : the Linux Kernel (openSUSE-2018-1548)
The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-18281: The mremap syscall performs TLB flushes after dropping page-table locks. If a syscall such as ftruncate removes entries from the...
EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1369)
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the...
macOS 10.13 workq_kernreturn Denial Of Service
Exploit Title: MacOS 10.13 - 'workq_kernreturn' Denial of Service PoC Date: 2018-07-30 Exploit Author: Fabiano Anemone Vendor Homepage: https://www.apple.com/ Version: iOS 11.4.1 / MacOS 10.13.6 Tested on: iOS / MacOS CVE: Not assigned Tweet: https://twitter.com/anoane/status/1048549170217451520 i...
macOS 10.13 - workq_kernreturn Denial of Service Exploit
Exploit for macOS platform in category dos / poc Exploit Title: MacOS 10.13 - 'workq_kernreturn' Denial of Service PoC Exploit Author: Fabiano Anemone Vendor Homepage: https://www.apple.com/ Version: iOS 11.4.1 / MacOS 10.13.6 Tested on: iOS / MacOS CVE: Not assigned Tweet:...
Apple macOS 10.13 - workq_kernreturn Denial of Service (PoC)
Apple macOS 10.13 - workq_kernreturn Denial of Service PoC / Exploit Title: MacOS 10.13 - 'workq_kernreturn' Denial of Service PoC Date: 2018-07-30 Exploit Author: Fabiano Anemone Vendor Homepage: https://www.apple.com/ Version: iOS 11.4.1 / MacOS 10.13.6 Tested on: iOS / MacOS CVE: Not assigned...
Apple macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
/ Exploit Title: MacOS 10.13 - 'workq_kernreturn' Denial of Service PoC Date: 2018-07-30 Exploit Author: Fabiano Anemone Vendor Homepage: https://www.apple.com/ Version: iOS 11.4.1 / MacOS 10.13.6 Tested on: iOS / MacOS CVE: Not assigned Tweet: https://twitter.com/anoane/status/1048549170217451520...