A dangling pointer vulnerability is present in WebRTC's PacketRouter due to an SDP SIM group SSRC from one track (e.g., video) colliding with an existing SSRC from a different track (e.g., audio). This inconsistency between the send_modules_map_ and the send_modules_list_ can lead to a use after free.
426fe7fd9743d7c7d9ba2167f870968aaad57ccdefafb8bca89ee26333cad8beAn out-of-bounds read / write due to missing bounds check in the mtk-jpeg driver can lead to memory corruption and potential escalation of privileges.
e41201a7980c88fc58347c600192d9a70df411c527756cf6c4ba17ebb7bb7705A race condition in the Android mtk_jpeg driver can lead to memory corruption and potential local privilege escalation.
b9bbc877dec293cdae380289c906920975d5c1e2eb6ec78818aa966c315357ceThe Microsoft Windows kernel suffers from a containerized registry escape through integer overflows in VrpBuildKeyPath and other weaknesses.
c1feae840787713bb89848cc8ba310ff0f5a1d43e23d59e1de207223ba6d1278PowerVR suffers from a multitude of memory management bugs including out-of-bounds access and information leakage.
c135dd9da4f49945f6ffab49beafba001bf366477d6ac30866c7fd5a8b312a8eLinux suffers from a small remote binary information leak in DCCP.
8f509db352a5daf100520971c2666cea99bc2b733614a6fbd107c438f44733beThe Microsoft Windows Kernel suffers from out-of-bounds reads and paged pool memory disclosure in VrpUpdateKeyInformation.
c87a5d6aa220b6741ae4904759814e063965888e7a3ac2b1614f1cd3581ff6a2The Microsoft Windows Kernel suffers from a paged pool memory disclosure in VrpPostEnumerateKey.
349851510cbd7d10a7c2d7d53d9ff2f6105bc83bca4a0b424c2ec5e16ae09df1The Microsoft Windows Kernel passes user-mode pointers to registry callbacks, leading to race conditions and memory corruption.
57a9fd976b42cf097a3782222d89382836eb91d0a5a6fd4b8b16b49f2a40d715Chrome checks in ReduceJSLoadPropertyWithEnumeratedKey are not sufficient to prevent the engine from reading an out-of-bounds index from an enum cache.
d2720d577ee6196fb4e71365c0315fa67c9c9abb683aa559628add3042c1ecceChrome suffers from an issue with dangling FixedArray pointers in Torque that can lead to memory corruption.
1bf880f7ba1c3955eba8b9696b7db8f2836b2579a921f40d918c9f7f376eb6daWhen deserializing an SkPath, there is some basic validation performed to ensure that the contents are consistent. This validation does not use safe integer types, or perform additional validation, so it's possible for a large path to overflow the point count, resulting in an unsafe SkPath object.
7e0793cb8767bd5e3e5ac3845bbfc7ec6d83d30f81733f1592b40df7805b3a2fThere is a race condition in edgetpu_pin_user_pages which is reachable from some unprivileged contexts, including the Camera app, or the Google Meet app.
f2c097f59fbb9a93bf14610f9faf8be4d99e83e00ca52f16c11b8af6ef496e22The Microsoft Windows kernel does not reset security cache during self-healing, leading to refcount overflow and use-after-free conditions.
4eb4fd48ea37a8b3e89dd2a59229350611f16a4367ff0dcf43fef634da02c00cChrome suffers from a read-only property overwrite in TurboFan.
339e46027cc8b8c66cb28ff3c463ad6c47cf6f8ffb6529887e6307d9537ad24cThe Linux 6.4 kernel suffers from a use-after-free condition due to per-VMA locks that introduce a race between page fault and MREMAP_DONTUNMAP.
3d39c971dd3c9a3c68ba92f6935c1ac85bc812d562760cadb42454ab84afcb68The Microsoft Windows Kernel has an issue where a partial success of registry hive log recovery may lead to inconsistent state and memory corruption.
8d90d52ff176f1f9884d9ffea04d9338aa0c0d819ae01d9535ea91d209a17c4fThe Microsoft Windows Kernel suffers from out-of-bounds reads due to an integer overflow in registry .LOG file parsing.
2cb8dc117b540fd74b32ad5e82a39042ad150a5cea6b1be9d4e6170722bb1281Windows still suffers from issues related to the replacement of the system drive letter during impersonation. This can be abused to trick privilege processes to load configuration files and other resources from untrusted locations leading to elevation of privilege.
51212fb8ba211343dbd84b024c9c604426cec77c9b3e2b2de253af6449695b28There is a race between mbind() and VMA-locked page faults in the Linux 6.4 kernel, leading to a use-after-free condition.
78b0a4905933278287d325ebef0bf5c144a4c579eaaf4874daf17a797f5aa2b7Microsoft Windows Kernel renaming layered keys does not reference count security descriptors, leading to a use-after-free condition.
07ccb330f6ce87a10f6763766477dee076f0af9a3d5ca41262bb308dae53fe47Chrome IPCZ FragmentDescriptors are not validated allowing for an out-of-bounds crash condition.
adc68a8b0a6ff50085071702ac5d18e4499b667b8b192dadf209cd4cf9ae81eeThe Microsoft Windows Kernel CmDeleteLayeredKey may delete predefined tombstone keys, leading to security descriptor use-after-free.
a393bdd205b55a25a4010667d7d283c1bd373af4b7bb30a36f33608cf1edeb3fThe Microsoft Windows Kernel may reference rolled-back transacted keys through differencing hives.
b39149935b26f2a93874ead5ff16c8bafcc4acc7b2b341ba68ed2751bb86aa82The Microsoft Windows Kernel may reference unbacked layered keys through registry virtualization.
7b5280c111b616102ccc14ddef413c7f8bbeeb1ba04df2aa047b88bdfe97d452
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed