As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens. The OTP TrustZone trustlet suffers from a stack buffer overflow.
d251f615016ad2f13d1ac6b46b510c797add40d6d16be9da1091512713543876Samsung's lkmauth feature suffers from a kernel module verification bypass vulnerability.
d3e8df02ad2ff3dcdcf65ecac7602a7b7a92dabfacf78b38ce1d773ee6732c0dAs a part of the KNOX extensions available on Samsung devices, Samsung provides a new service which allows the generation of OTP tokens and suffers from a heap overflow vulnerability.
5c188675a5f0bb9b4a4a2e92aeb5426c41a9d970faee7de29a34102d938f6483Stack buffer overflow and information disclosure vulnerabilities exist in the Samsung OTP TrustZone trustlet via OTP_GET_CRYPTO_DERIVED_KEY.
4be8f76a129448aa3f0cabbae41989cd16d89dc95b8f9b129a48d198c0e109beAndroid suffers from a heap overflow vulnerability in the tlc_server via the LOAD_TUI_RESOURCE command.
86e702bdd1d488d4d30b48a6d40d70980efaf82cea8187080028d215fe150b1fAs of Android Nougat, a new set of SELinux rules have been added which are designed to prevent system_server from loading arbitrary code into its address-space. However, as system_server is extremely privileged, there are a few vectors through which it may still load arbitrary code, thus bypassing the mitigation mentioned above.
24c10a0d6f4d42cf96eb11a1f2c3700f98a0275e04324e2cd9fff3a0af399fedBecause of a design bug in IOMX, the user-supplied sizes in the GET_PARAMETER and SET_PARAMETER calls ar e discarded before calling in to the responsible OMX code-paths. This has led to a variety of overflow-type bugs.
245303f62a985e2c7f94eea5fb4db0d07c7e4c06a7618c0e4bce59602d707a4cBitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists a code path which allows Bitmaps to be shared between processes by providing an ashmem-mapped file descriptor containing the Bitmap's raw pixel data. The android.graphics.Bitmap class illegally assumes that the size of the ashmem region provided by the user matches the actual underlying size of the Bitmap.
043a3329589da90bcd2c6c0063a9bb264211f6a7b9a85049fc1e91ac861f231eLocal privilege escalation exploit for Qualcomm's Secure Execution Environment (QSEE) that leverages PRDiag* commands.
5b72bda07562bc29d06783e77f7af87f375f1b00dbff74e3b5d146090d024e10
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed