Assorted[chips] Security Vulnerabilities

seebug

Broadcom: Heap overflow in "wl_iw_get_essid" when handling WLC_GET_SSID ioctl results (CVE-2017-0570)

Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On Android devices, the "bcmdhd" driver is used....

7.3AI Score

0.002EPSS

2017-04-05 12:00 AM
21
seebug

Broadcom: Multiple memory corruptions in "bcmdhd" when handling WLFC information (CVE-2017-0571)

Detailed analysis: https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html Broadcom produces the Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer...

7.4AI Score

0.002EPSS

2017-04-05 12:00 AM
26
seebug

Broadcom: Heap overflow in "wlc_tdls_cal_mic_chk" due to large RSN IE in TDLS Setup Confirm frame (CVE-2017-0561)

Broadcom produces the Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. One of the events handled by the BCM...

9.6AI Score

0.201EPSS

2017-04-05 12:00 AM
67
zdt

Broadcom Wi-Fi SoC - dhd_handle_swc_evt Heap Overflow Exploit

Exploit for hardware platform in category remote...

-1.1AI Score

0.003EPSS

2017-04-05 12:00 AM
16
zdt

Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow Exploit

Exploit for hardware platform in category remote...

9.2AI Score

0.201EPSS

2017-04-05 12:00 AM
114
seebug

Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE (CVE-2017-0561)

Detailed analysis: https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html Posted by Gal Beniamini, Project Zero It's a well understood fact that platform security is an integral part of the security of complex systems. For mobile devices, this statement rings even truer; modern....

10AI Score

0.201EPSS

2017-04-05 12:00 AM
68
seebug

Broadcom: Heap overflow in "wl_run_escan" when handling WLC_GET_VALID_CHANNELS ioctl results (CVE-2017-0568)

Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On Android devices, the "bcmdhd" driver is used....

7.2AI Score

0.002EPSS

2017-04-05 12:00 AM
169
seebug

Broadcom: Heap overflow in "dhd_handle_swc_evt" (CVE-2017-0569)

Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On Android devices, the "bcmdhd" driver is used.....

7.3AI Score

0.003EPSS

2017-04-05 12:00 AM
22
seebug

Broadcom: Stack buffer overflow when handling 802.11r (FT) authentication response (CVE-2017-6975)

Detailed analysis: https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html (Part 1), https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html (Part 2). Broadcom produces the Wi-Fi HardMAC SoCs which are used...

7.3AI Score

0.004EPSS

2017-04-05 12:00 AM
39
zdt

-0.6AI Score

0.201EPSS

2017-04-05 12:00 AM
38
thn

Millions Of Smartphones Using Broadcom Wi-Fi Chip Can Be Hacked Over-the-Air

Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction. Just yesterday, Apple rushed out an emergency iOS 10.3.1 patch update to...

8.2AI Score

2017-04-04 11:05 PM
5
exploitpack

Broadcom Wi-Fi SoC - Heap Overflow wlc_tdls_cal_mic_chk Due to Large RSN IE in TDLS Setup Confirm Frame

Broadcom Wi-Fi SoC - Heap Overflow wlc_tdls_cal_mic_chk Due to Large RSN IE in TDLS Setup Confirm...

-0.6AI Score

2017-04-04 12:00 AM
12
exploitpack

Broadcom Wi-Fi SoC - dhd_handle_swc_evt Heap Overflow

Broadcom Wi-Fi SoC - dhd_handle_swc_evt Heap...

-0.5AI Score

2017-04-04 12:00 AM
11
exploitdb

7.4AI Score

EPSS

2017-04-04 12:00 AM
202
exploitpack

Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow

Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap...

-0.6AI Score

2017-04-04 12:00 AM
23
exploitdb

7.4AI Score

EPSS

2017-04-04 12:00 AM
59
googleprojectzero

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)

Posted by Gal Beniamini, Project Zero It’s a well understood fact that platform security is an integral part of the security of complex systems. For mobile devices, this statement rings even truer; modern mobile platforms include multiple processing units, all elaborately communicating with one...

8AI Score

2017-04-04 12:00 AM
47
seebug

Broadcom: Stack buffer overflow when parsing CCKM reassociation response (CVE-2017-6957)

Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. In order to allow fast roaming between access...

8.6AI Score

0.117EPSS

2017-03-28 12:00 AM
25
cve

CVE-2017-6957

Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE...

8.1CVSS

8.4AI Score

0.117EPSS

2017-03-27 02:59 PM
20
nvd

CVE-2017-6957

Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE...

8.1CVSS

8.4AI Score

0.117EPSS

2017-03-27 02:59 PM
prion

Stack overflow

Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE...

8.1CVSS

8.4AI Score

0.117EPSS

2017-03-27 02:59 PM
4
cvelist

CVE-2017-6957

Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE...

8.4AI Score

0.117EPSS

2017-03-27 02:00 PM
oraclelinux

kernel security, bug fix, and enhancement update

[2.6.32-696.OL6] - Update genkey [bug 25599697] [2.6.32-696] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424628] {CVE-2017-6074} [2.6.32-695] - [block] nvme: Dont poll device being removed (David Milburn) [1422521] [2.6.32-694] - [fs] posix_acl: Clear SGID....

9.8CVSS

AI Score

0.736EPSS

2017-03-27 12:00 AM
73
zdt

Broadcom Stack Buffer Overflow Vulnerability

Exploit for hardware platform in category dos /...

AI Score

0.117EPSS

2017-03-26 12:00 AM
35
packetstorm

-0.5AI Score

0.013EPSS

2017-03-22 12:00 AM
82
exploitdb

6.7AI Score

0.013EPSS

2017-03-22 12:00 AM
115
exploitpack

Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple Vulnerabilities

Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple...

0.5AI Score

0.013EPSS

2017-03-22 12:00 AM
29
zdt

Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities

Solare Datensysteme GmbH Solar-Log versions 250, 300, 500, 800e, 1000, 1000 PM+, 1200, and 2000 suffer from cross site request forgery, cross site scripting, file upload, information disclosure, and denial of service...

6.9AI Score

2017-03-22 12:00 AM
44
thn

Microsoft Started Blocking Windows 7/8.1 Updates For PCs Running New Processors

You might have heard the latest news about Microsoft blocking new security patches and updates for Windows 7 and Windows 8.1 users running the latest processors from Intel, AMD, Qualcomm, and others. Don't panic, this new policy doesn't mean that all Windows 7 and 8.1 users will not be able to...

6.8AI Score

2017-03-20 01:19 AM
12
debiancve

CVE-2017-5017

Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML...

4.3CVSS

5.8AI Score

0.006EPSS

2017-02-17 07:59 AM
9
prion

Design/Logic Flaw

Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML...

4.3CVSS

5AI Score

0.006EPSS

2017-02-17 07:59 AM
3
cvelist

CVE-2017-5017

Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML...

5.2AI Score

0.006EPSS

2017-02-17 07:45 AM
thn

A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures

Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices regardless of their operating system or application running on them, and the worse — the flaw can not be entirely fixed with any mere software update. The vulnerability resides in the...

6.7AI Score

0.971EPSS

2017-02-16 06:14 AM
32
ubuntucve

CVE-2017-5017

Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML...

4.3CVSS

3.1AI Score

0.006EPSS

2017-01-27 12:00 AM
7
redhatcve

CVE-2017-5017

Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML...

4.3CVSS

3.1AI Score

0.006EPSS

2017-01-26 09:17 AM
8
threatpost

Router Vulnerabilities Disclosed in July Remain Unpatched

Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered. Researcher Pedro Ribeiro of Agile Information Security found accessible admin accounts and command...

0.4AI Score

2017-01-17 12:05 PM
8
threatpost

Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm

Google has patched ten critical vulnerabilities tied to problem-plagued Android components like Mediaserver, NVIDIA’s GPU driver, and Qualcomm’s driver. The most serious bug, according to Google’s January Android Security Bulletin, is the Mediaserver vulnerability. “The most severe of these issues....

1.2AI Score

0.045EPSS

2017-01-04 01:33 PM
28
threatpost

Researchers Question Security in AMD's Upcoming Zen Chips

As more computing heads to the clouds, security researchers are questioning the security of virtual machine control panels called hypervisors. One of the first hardware-based solutions to address these concerns will be deployed by chip manufacturer AMD, called Secure Encrypted Virtualization. The.....

-0.1AI Score

2016-12-08 01:22 PM
4
threatpost

Old Linux Kernel Code Execution Bug Patched

A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip...

0.5AI Score

0.0004EPSS

2016-12-08 09:15 AM
38
thn

Cyber Attack Knocks Nearly a Million Routers Offline

Mirai Botnet is getting stronger and more notorious each day that passes by. The reason: Insecure Internet-of-things Devices. Last month, the Mirai botnet knocked the entire Internet offline for a few hours, crippling some of the world's biggest and most popular websites. Now, more than...

8.5AI Score

2016-11-28 09:39 PM
9
thn

Your Headphones Can Spy On You — Even If You Have Disabled Microphone

Have you considered the possibility that someone could be watching you through your webcam? Or Listening to all your conversations through your laptop’s microphone? Even a bit of thought about this probability could make you feel incredibly creepy. But most people think that they have a...

6.8AI Score

2016-11-23 07:08 AM
10
threatpost

Qualcomm and HackerOne Partner on Bounty Program

Qualcomm kicked off its first bug bounty program Thursday, opening the door for white hat hackers to find flaws in a dozen Snapdragon mobile chipsets and related software. Rewards for the invite-only bug bounty program top $15,000 each. HackerOne will facilitate Qualcomm’s bounty program; the...

0.1AI Score

2016-11-18 12:45 PM
8
threatpost

Google Releases Supplemental Patch for Dirty Cow Vulnerability

Google’s November Android Security Bulletin, released Monday, patched 15 critical vulnerabilities and addressed 85 CVEs overall. But conspicuously absent is a fix for the Linux race condition vulnerability known as Dirty Cow (Copy-on-Write) that also impacts Android. While Google didn’t issue an...

1AI Score

0.879EPSS

2016-11-08 01:38 PM
23
myhack58

How to Use the Rowhammer Vulnerability to Root an Android Phone (with Video Demo and Exploit Source Code)

Recently, security researchers found a new method of rooting Android phones: using the Rowhammer vulnerability. In addition, an attacker can even combine this exploit with the currently known Android vulnerabilities Bandroid and Stagefright to the target...

-0.1AI Score

2016-11-01 12:00 AM
17
seebug

Android Rowhammer attack vulnerability (Drammer)

Project Description Drammer is a new attack that exploits the Rowhammer hardware vulnerability on Android devices. It allows attackers to take control over your mobile device by hiding it in a malicious app that requires no permissions. Practically all devices are possibly vulnerable and must wait....

7.9AI Score

0.001EPSS

2016-10-25 12:00 AM
65
thn

New Drammer Android Hack lets Apps take Full control (root) of your Phone

Earlier last year, security researchers from Google's Project Zero outlined a way to hijack the computers running Linux by abusing a design flaw in the memory and gaining higher kernel privileges on the system. Now, the same previously found designing weakness has been exploited to gain...

7AI Score

2016-10-23 11:57 PM
11
zdt

Android - 'gpsOneXtra' Data Files Denial of Service

Exploit for Android platform in category dos /...

-0.2AI Score

0.017EPSS

2016-10-12 12:00 AM
41
zdt

Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit)

Exploit for Android platform in category local...

6.8AI Score

2016-10-12 12:00 AM
20
exploitdb

5.9CVSS

6.2AI Score

EPSS

2016-10-11 12:00 AM
47
Total number of security vulnerabilities: 1117