23 matches found
CVE-2026-46182
A flaw was found in the Linux kernel, specifically within the pseries/papr-hvpipe module. This vulnerability could allow a local user to gain access to uninitialized kernel stack memory. The issue arises because certain padding bytes in a data structure are not cleared before being sent to...
CVE-2021-47339 media: v4l2-core: explicitly clear ioctl input data
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: explicitly clear ioctl input data As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google Inc. in the United States. Google Android suffers from a security vulnerability that stems from allowing uninitialized kernel memory to be returned to user space...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5962)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5962 advisory. - drm/vmwgfx: Make sure backuphandle is always valid Sinclair Yeh Orabug: 31352076 CVE-2017-9605 - random32: move the pseudo-random 32-bit...
Important kernel security update: Virtuozzo ReadyKernel patch 110.0 for Virtuozzo Hybrid Server 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0 and Virtuozzo Hybrid Infrastructure 3.5
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.0 and Virtuozzo Infrastructure Platform. Vulnerability id: CVE-2020-10711 3.10.0-862.20.2.vz7.73.24 to 3.10.0-1062.12.1.vz7.131.10...
CVE-2019-19535
A flaw was found in the Linux kernel’s implementation of the Peak CANBUS USB device driver. An information leak caused by the device could allow a local attacker to possibly gain private information from uninitialized kernel memory...
CVE-2017-16994
The walkhugetlbrange function in 'mm/pagewalk.c' file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore system call...
iOSmacOS 10.13.6 - if_ports_used_update_wakeuuid() 16-byte Uninitialized Kernel Stack Disclosure
iOSmacOS 10.13.6 - ifportsusedupdatewakeuuid 16-byte Uninitialized Kernel Stack Disclosure / macOS 10.13.4 introduced the file bsd/net/ifportsused.c, which defines sysctls for inspecting ports, and added the function IOPMCopySleepWakeUUIDKey to the file iokit/Kernel/IOPMrootDomain.cpp. Here's the...
Microsoft Windows - nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformati
Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQuerySystemInformation system call invoked with the 138 information class discloses portions of uninitialized kernel pool memory to user-mode clients. The specific information class is handled by an internal...
CVE-2017-16994
The walkhugetlbrange function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore system call...
CVE-2017-16994
The walkhugetlbrange function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore system call...
CVE-2017-14991
The sgioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SGGETREQUESTTABLE ioctl call for /dev/sg0...
CVE-2017-14991
The sgioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SGGETREQUESTTABLE ioctl call for /dev/sg0...
CVE-2017-14991
The sgioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SGGETREQUESTTABLE ioctl call for /dev/sg0...
Microsoft Windows Kernel - win32k!NtGdiDoBanding Stack Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1304 We have discovered that the win32k!NtGdiDoBanding system call discloses portions of uninitialized kernel stack memory to user-mode clients. More specifically, exactly 8 byte...
Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessVmCounters)' Kernel Stack Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1190&desc=2 We have discovered that the nt!NtQueryInformationProcess system call called with the ProcessVmCounters information class discloses portions of uninitialized kernel stack memory to user-mode clients, due to output...
CVE-2017-9605
The vmwgbsurfacedefineioctl function accessible via DRMIOCTLVMWGBSURFACECREATE in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.11.4 defines a backuphandle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...
Buffer overflow
The vmwgbsurfacedefineioctl function accessible via DRMIOCTLVMWGBSURFACECREATE in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.11.4 defines a backuphandle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...
CVE-2017-9605
CVE-2017-9605 affects the Linux kernel (up to and including 4.11.4) via the vmw_gb_surface_define_ioctl path (DRM_IOCTL_VMW_GB_SURFACE_CREATE) in vmwgfx_surface.c. The defect is that backup_handle is defined but not initialized, so when creating a GB surface with a previously allocated DMA buffer...
CVE-2017-9605
The vmwgbsurfacedefineioctl function accessible via DRMIOCTLVMWGBSURFACECREATE in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.11.4 defines a backuphandle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...