Linux ext4 suffers from an out-of-bounds memcpy via a non-inline system.data xattr.
0cb247cca18add1aee1a164432f6a72cVariant 4 of the speculative execution vulnerability that focuses on a speculative store bypass.
0c2f7e12ec920a6130940707130bd9feLinux suffers from a 4-byte information leak via an uninitialized struct field in the compat adjtimex syscall.
3e22473d4edff1e68082884c6f7a235bFreeBSD Security Advisory - A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here.
a26c0e3e31cfe9f94c14cc22c3de9089MacOS suffers from a sysctl_vfs_generic_conf stack leak through struct padding.
376a5cb1ecad7a5a4de3c6b7b7067429MacOS suffers from a sysctl_default_netsvctype_to_dscp_map and sysctl_dscp_to_wifi_ac_map stack leak through struct padding.
ae34699e2753df4dc0f4fbe8b25d4bd5eBPF had the verifier bug backported to version 4.9-stable.
8a1c22a5152b26d19ce1cffd65c19ab9macOS suffers from a process_policy stack leak through an uninitialized field.
087461a94f1e181ee115eef15d6fd864An information leak using speculative execution exists in CPUs by Intel, AMD, and to some extent, ARM.
b69690cdd34a7503e0457b6da3b6cd0eThis Metasploit module exploits a vulnerability in VMware Workstation Pro and Player on Linux which allows users to escalate their privileges by using an ALSA configuration file to load and execute a shared object as root when launching a virtual machine with an attached sound card. This Metasploit module has been tested successfully on VMware Player version 12.5.0 on Debian Linux.
f3b6448b87cca47f57a97189ff144abbThis is the very thorough blog write-up discussing three variants of side-channel attacks that can be leveraged against CPU data cache timing.
2363cefeef0652a5bd4abcd5e6ee4559eBPF suffers from an arbitrary read and write vulnerability via incorrect range tracking.
ad6516e5054737ab0ef7abdefd3ba79bmacOS suffers from a getrusage stack leak through struct padding.
7b47e5940f3ef53d7ed82338cc4b4ae9macOS suffers from an so_pcb type confusion vulnerability in necp_get_socket_attributes.
420bee1dc1be795e79cb3c03b5f47731Linux mincore() discloses uninitialized kernel heap pages. When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range passed to walk_page_range(), and when this assumption is violated, sys_mincore() copies uninitialized memory from the page allocator to userspace.
bd34c6c3fcf525c4eeb4d8210cfb768cXen allows pagetables of the same level to map each other as readonly in PV domains. This is useful if a guest wants to use the self-referential pagetable trick for easy access to pagetables by mapped virtual address.
7b0613bdfa02a772faa0631e1daf6f95It appears that you can still talk to X11 outside of the Tor sandbox.
21d81cf14e7577ac16e4401020dd33e8On Linux, the eBPF verifier log leaks the lower half of a map pointer.
4dc6117fdf8c57334009b5e438357d7dThis is an issue on MacOS that allows un-entitled root to read kernel frame pointers, which might be useful in combination with a kernel memory corruption bug.
5681e6a07ccbf5cc21fde6f5e3fa61b7MacOS suffers from a kernel register leak via 32-bit syscall exit.
843234a6ae86bbe1332e22a54aaa96c1This vulnerability permits an unprivileged user on a Linux machine on which VMWare Workstation is installed to gain root privileges. The issue is that, for VMs with audio, the privileged VM host process loads libasound, which parses ALSA configuration files, including one at ~/.asoundrc. libasound is not designed to run in a setuid context and deliberately permits loading arbitrary shared libraries via dlopen().
6cd7c22bba1395ea99fb53bce68676a2This is a bug in Xen that permits an attacker with control over the kernel of a 64bit X86 PV guest to write arbitrary entries into a live top-level pagetable.
5a144654a1b03c1ef898b305457a091dVirtualBox suffers from an unprivileged host user to host kernel privilege escalation via ALSA config.
dca9d69e8a8c16f4ac99724d454653cfVirtualBox suffers from a guest-to-host out-of-bounds write via virtio-net.
0748ee091b775b94daca046bf551edc0VirtualBox suffers from an unprivileged host user to host kernel privilege escalation vulnerability via environment and ioctl.
5f5257c0521f76504084b603e8ef11c6
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed