Android suffers from multiple race condition vulnerabilities in the media.metrics service.
a656fd451726abc4db30105b2ca67987815f338e9dadcd85a7b86bfb41ec66b0Chromium suffers from an information disclosure vulnerability via the memory_instrumentation::mojom::Coordinator interface in the resource_coordinator service.
8f1e7d94c7bacd867eadee5a2e0446540a438c33731c077276a64140fe9ca89cChromium suffers from an issue where calling mojo::WrapSharedMemoryHandle is insufficient to produce read-only descriptors for IPC.
0c46a91f3c32f52b62bfb60bb13c87615b045cdf420a8d8482253ec38f461b90Chromium suffers from an issues where read-only SharedMemory descriptors on Android are writable.
c639c315e5c2cd33cc9d9132a1943aa075dc30df5205d89729d91cdac3c913ebA Chromium incorrect size calculation when deserializing Mojo "Event" messages can lead to out-of-bounds access.
4541b3a1207de2977b0a35916b1c9723661e8db7a73258d0661f4326880c004cThe keystore binder service ("android.security.IKeystoreService") allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux contexts, including application contexts, but also unprivileged daemons such as "media.codec". A permission bypass vulnerability exists in the KeyStore service due to getpidcon.
6ed0443148f7bc7399d221b938f4d9d513e62f7eb29fc37ea0cebb2f098bfa44Chromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Directory mojo interface in the catalog service.
cc97041329fb5fde5d5be5b7ba4a75fde06179aa88f36bf5eb0548c2978bc596Android hardware service manager suffers from an arbitrary service replacement issue due to getpidcon.
f3c654241f72f6831aeb0f59add58d0444e58c9b772cb063afceb130c32cf237The Android MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a Bundle and transferred via binder to remote processes.
029f917e2e536de18d04761028191f4815fb7c9f5d6d53318a48a27ff5c347bbBroadcom suffers from an information leak vulnerability in ICMPv6 router advertisement offloading.
9c5be915161b05ece6582250e12e4414f152875c9a690b3c5e891a030e63fcb5Broadcom suffers from denial of service and out-of-bounds read vulnerabilities in TCP KeepAlive Offloading.
0fd01faa7f991415a9981c3f63751b39f36aaeb1dec6b946eaed0cb7adfa715fBroadcom suffers from multiple overflow vulnerabilities when handling 802.11r (FT) Reassociation Response.
4e4363e0afff7c0a8c3e6b53d804a1172c36d104c17e2a3b7c6eebe8edf51451Broadcom suffers from an out-of-bounds write when handling 802.11k Neighbor Report Response.
82fc971e12c2491131ffec544a1ec8c4c1c02697141d693f357d4951ceab15ceBroadcom suffers from a heap overflow vulnerability when handling 802.11v WNM Sleep Mode Response.
bfafe6c08335222f164c3154a1ec33d8b038b473faa28bc94fc7946a6d0e9bbaApple products suffers from an information leak when handling WLC_E_COUNTRY_CODE_CHANGED event packets.
d9fd260e76fa5bb413e17f4cda2ada7d5e896a778a13ebaf5b7d8bf3679a09e6The Apple PCIe Message Ring protocol suffers from multiple race conditions that can lead to out-of-bounds read and writes.
9d829639573f82bd62beacc1312bfa32eb067d298b7f05c51fa7d65065d918c1Heap overflow and information disclosure vulnerabilities exist in Apple's setVendorIE when handling ioctl results.
c549b5fce03407f8bce467f2a8413f2729a2df5e52d5696e76a216319fcaedd3Apple products suffer from an issue where an out-of-band NUL byte write occurs when handling WLC_E_TRACE event packets.
47ee5c128bfcfb4a1dc15e92a364f7ed639bb5fa9a32e0849814541a789a8c46A heap overflow vulnerability exists in Apple's updateRateSetAsyncCallback when handling ioctl results.
5baf4461e02f823d473ce5e80cdf29107fb3e4d0bc77201b0a37d01d752ae1baThere is a heap overflow vulnerability in Apple's assembleBGScanResults when handling ioctl results.
e497d754530da645d0dfa81b8d9378547e7195bb0e4f5b900f516e4799502c81There is a heap overflow in Apple's AppleBCMWLANCore driver when handling Completed Firmware Timestamp messages (0x27).
859f5e2dd3a8465d5b3ba18254bb4a28a1247d2b72149d337adb0d58d1245663Trustonic's Trusted Execution Environment (TEE) OS fails to perform revocation of trustlets.
5292643705b2a592ce4d79010191e3052ef98b5f67f2a9fe9356b30677b6295eMultiple Android devices do not revoke known-bad QSEE trustlets.
17ae488394ddefdc0e0c926eda5fcf2f19e66c833209048a10977e69275c94e5Broadcom suffers from a host to dongle information leak via wldev_ioctl.
041b12daf028a74772de5874f4f3807b189eefcc5651de1a44fae1f291723a91Broadcom suffers from multiple memory corruption vulnerabilities in bcmdhd when handling WLFC information.
f5a58cf7ae8276a39860c6aea58e0dbe45912d3449e817de2e068153129564d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed