
Files from hawkes

Email address | hawkes
First Active | 2015-08-20
Last Active | 2021-11-23
Samsung NPU (Neural Processing Unit) Memory Corruption
Posted Nov 23, 2021
Authored by Google Security Research, hawkes

Samsung NPU (Neural Processing Unit) suffers from a memory corruption vulnerability in shared memory parsing.

tags | exploit
SHA-256 | ae0ce502ea239b6ff62e9ce804417d80f2414f3377885e22e112a0fe2059f1e5
Samsung NPU npu_session_format Out-Of-Bounds Write
Posted Jun 17, 2021
Authored by Google Security Research, hawkes

Samsung NPU (Neural Processing Unit) suffers from an out-of-bounds write vulnerability in npu_session_format.

tags | exploit
advisories | CVE-2021-25407
SHA-256 | c1b571dff4d7f86aae1597fdb8aa5e8932400ee1c1aed35b56eab3315ec48ed8
Qualcomm Adreno GPU PID Reuse Mapping Leak
Posted Dec 15, 2020
Authored by Google Security Research, hawkes

Qualcomm Adreno GPU PID reuse can lead to a shared mapping leak vulnerability.

tags | exploit
advisories | CVE-2020-11311
SHA-256 | 3e3e7b15f4478de5e65c145f4176a69491a971efa9d024d29399588336df506c
Microsoft Windows Kernel cng.sys Buffer Overflow
Posted Oct 30, 2020
Authored by Mateusz Jurczyk, Google Security Research, hawkes

The Microsoft Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape).

tags | exploit, kernel
systems | windows
advisories | CVE-2020-17087
SHA-256 | dcd9bb74f157ccd45992a6aeffd77f590ad19684a1b4e9e165f72d39d919d700
Qualcomm Adreno GPU Ringbuffer Corruption / Protected Mode Bypass
Posted Sep 8, 2020
Authored by Google Security Research, hawkes

The Qualcomm Adreno GPU shares a global mapping called a "scratch" buffer with the Adreno KGSL kernel driver. The contents of the scratch buffer can be overwritten by untrusted GPU commands. This results in a logic error in the Adreno driver's ringbuffer allocation code, which can be used to corrupt ringbuffer data. A race condition exists between the ringbuffer corruption and a GPU context switch, and this results in a bypass of the GPU protected mode setting. This ultimately means that an attacker can read and write arbitrary physical addresses from userland by running GPU commands while protected mode is disabled, which results in arbitrary kernel code execution.

tags | exploit, arbitrary, kernel, code execution
advisories | CVE-2020-11179
SHA-256 | d663ef06eb4e7deef8bdea200e905217412428d8532fa626e3c1c5c2a7641f51
Windows 7 win32k Bitmap Use-After-Free
Posted Jun 16, 2016
Authored by Google Security Research, hawkes, Nils Sommer

This proof of concept crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce.

tags | exploit, proof of concept
systems | linux, windows
advisories | CVE-2016-0173
SHA-256 | b7aa281ca915adfcd3f0036cfcc5520eaeec49ed0e0bd9d5eefcf699d19dd4d5
Windows 7 win32k Bitmap Use-After-Free
Posted Jun 16, 2016
Authored by Google Security Research, hawkes

This proof of concept triggers a blue screen on Windows 7 with special pool enabled on win32k.sys. A reference to the bitmap object still exists in the device context after it has been deleted.

tags | exploit, proof of concept
systems | linux, windows
advisories | CVE-2016-0171
SHA-256 | f04d7b9b1c0e9540acf78ea24f4a7cb1a5447a0d505993588c4d2ec4d70d0eef
Windows Kernel DrawMenuBarTemp Wild Write
Posted Apr 19, 2016
Authored by Google Security Research, hawkes

The attached testcases crash Windows 7 64-bit while attempting to write to an unmapped memory region. On 32-bit Windows 7 they trigger a null pointer read.

tags | exploit
systems | linux, windows
advisories | CVE-2016-0143
SHA-256 | d89d761020ed70dcb07f77ce385b34df9657da7e12a58b54828167ae00247fe1
Windows Kernel Bitmap Use-After-Free
Posted Mar 31, 2016
Authored by Google Security Research, hawkes

The included proof of concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggered in multiple different ways (two examples attached).

tags | exploit
systems | linux, windows
advisories | CVE-2016-0094
SHA-256 | 334ccb9b33707106918a652ebdbd6d7df094cb52fd14eb8f7403eeb469b3b0e0
Windows Kernel NtGdiGetTextExtentExW Out-Of-Bounds Memory Read
Posted Mar 31, 2016
Authored by Google Security Research, hawkes

The included proof of concept crashes Windows 7 with special pool enabled on win32k.sys. The crash is due to accessing memory past the end of a buffer.

tags | exploit, proof of concept
systems | linux, windows
advisories | CVE-2016-0093
SHA-256 | d1cb75bbdfdf9855ca5d70385b89f109e579981fd6cb4edadbfa504aac5e36b2
Linux Netfilter IPT_SO_SET_REPLACE Memory Corruption
Posted Mar 11, 2016
Authored by Google Security Research, hawkes

A memory corruption vulnerability exists in the IPT_SO_SET_REPLACE ioctl in the netfilter code for iptables support. This ioctl can be triggered by an unprivileged user on PF_INET sockets when unprivileged user namespaces are available (CONFIG_USER_NS=y). Android does not enable this option, but desktop/server distributions and Chrome OS will commonly enable this to allow for container support or sandboxing.

tags | exploit
systems | linux
SHA-256 | 03f257b053d3c64d24ffa875e29a5087f0fb6d4e4e961129c6bb78d5f11f52a4
Qualcomm Adreno GPU MSM Driver Perfcounter Query Heap Overflow
Posted Feb 29, 2016
Authored by Google Security Research, hawkes

The Adreno GPU driver for the MSM Linux kernel contains a heap overflow in the IOCTL_KGSL_PERFCOUNTER_QUERY ioctl command. The bug results from an incorrect conversion to a signed type when calculating the minimum count value for the query option. This results in a negative integer being used to calculate the size of a buffer, which can result in an integer overflow and a small sized allocation on 32-bit systems.

tags | exploit, overflow, kernel
systems | linux
SHA-256 | 11c959c3433bd2e4a4a0b93cec8f7ba66f5dab8a114dc0cadb5fc6c6bc5f818f
Linux io_submit L2TP Sendmsg Integer Overflow
Posted Feb 25, 2016
Authored by Google Security Research, hawkes

In certain kernel versions it is possible to use the AIO subsystem (io_submit syscall) to pass size values larger than MAX_RW_COUNT to the networking subsystem's sendmsg implementation. In the L2TP PPP sendmsg implementation, a large size parameter can lead to an integer overflow and kernel heap corruption during socket buffer allocation. This could be exploited to allow local privilege escalation from an unprivileged user account.

tags | exploit, overflow, kernel, local
systems | linux
SHA-256 | 4e8facb5af3635bb5a75286e2815b09aff43b1be7ba523d3b34d41c5a7c53bed
Samsung M2m1shot Kernel Driver Buffer Overflow
Posted Oct 28, 2015
Authored by Google Security Research, hawkes

The Samsung m2m1shot driver framework is used to provide hardware acceleration for certain media functions, such as JPEG decoding and scaling images. The driver endpoint (/dev/m2m1shot_jpeg) is accessible by the media server. The Samsung S6 Edge is a 64-bit device, so a compatibility layer is used to allow 32-bit processes to provide structures that are expected by the 64-bit driver. There is a stack buffer overflow in the compat ioctl for m2m1shot.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-7892
SHA-256 | b0c5900d4ce52a323271b9224cc5fd02fc37af255afea06a937e89a8d81fdecd
Microsoft Office 2007 RTF XML SmartTags Use-After-Free
Posted Aug 25, 2015
Authored by Google Security Research, hawkes

Microsoft Office 2007 suffers from an RTF XML SmartTags use-after-free vulnerability.

tags | advisory
systems | linux
advisories | CVE-2015-1651
SHA-256 | 9112fd06f8a9594124ac555685a4c390b42d8b36cbf029a9deca63894f80b49e
Microsoft Office 2007 OneTableDocumentStream Invalid Object
Posted Aug 25, 2015
Authored by Google Security Research, hawkes

Microsoft Office 2007 suffers from a OneTableDocumentStream invalid object vulnerability.

tags | exploit
systems | linux
advisories | CVE-2015-0065
SHA-256 | 71aae25eeff40a890630b5def4b9a4c33395e8cd48b05b1af664a30be591e023
Microsoft Office 2007 Malformed Document Stack-Based Buffer Overflow
Posted Aug 25, 2015
Authored by Google Security Research, hawkes

Microsoft Office 2007 suffers from a stack-based buffer overflow vulnerability when handling a malformed document.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-0064
SHA-256 | fc3f3a43acba1f2993d16df8be2f8af7217caf24ea88bc37b3ab71571b41e296
Adobe Flash URL Resource Use-After-Free
Posted Aug 21, 2015
Authored by Google Security Research, hawkes

Adobe Flash suffers from a URL resource use-after-free vulnerability.

tags | exploit
systems | linux
advisories | CVE-2015-4430
SHA-256 | b04ff115627b5b76c68978f46ab63e22389ddd834b882f77fa2abc234019242e
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated TTF File Embedded In SWF
Posted Aug 21, 2015
Authored by Google Security Research, hawkes

An out-of-bounds memory read occurs when Adobe Flash parses a mutated TTF file embedded in an SWF.

tags | exploit
systems | linux
advisories | CVE-2015-5133
SHA-256 | 3e2118575612a001e7d4cabff18c63bc1b2734d53f9b701a601c82011bcff5be
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated SWF File
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

An access violation occurs in the Adobe Flash Player plugin while parsing a mutated SWF file.

tags | exploit
systems | linux
advisories | CVE-2015-5132
SHA-256 | a9bceda55620d3ed4cd20aec8a272a586fc3442122decbc24a9ba59a81f9b08b
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated SWF File
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

An access violation occurs in the Adobe Flash Player plugin while parsing a mutated SWF file.

tags | exploit
systems | linux
advisories | CVE-2015-5131
SHA-256 | d1b4ab4f8b0404b6ba7f6fd0ce0dddffa431bd6d447a9316b9385e81916c89f2
Flash Out-Of-Bounds Read In UTF Conversion
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

This is an OOB read vulnerability when processing the SCRIPTDATASTRING object in an FLV file.

tags | exploit
systems | linux
advisories | CVE-2015-3134
SHA-256 | b7ac22badf51c7c646164605a8e31a6bc88e7bf96892a72cbd86c59704b16c46
© 2022 Packet Storm. All rights reserved.