CVE-2015-6996

Related Files

OSMetaClassBase:safeMetaCast Return Value Check Fail

Posted Jan 27, 2016

Authored by Google Security Research, Ian Beer

IOUserClient::connectClient is an obscure IOKit method which according to the docs is supposed to "Inform a connection of a second connection." In fact IOKit provides no default implementation and only a handful of userclients actually implement it, and it's pretty much up to them to define the semantics of what "informing the connection of a second connection" actually means. One of the userclients which implements connectClient is IOAccelContext2 which is the parent of the IGAccelContext userclient family (which are the intel GPU accelerator userclients.) IOUserClient::connectClient is exposed to userspace as IOConnectAddClient.

tags | exploit

systems | linux

advisories | CVE-2015-6996

SHA-256 | e6b28ef3cbbacff31eb961ab63d921cbf6e4a18a44fb51c2925eaa646004d804

Download | Favorite | View

Apple Security Advisory 2015-10-21-2

Posted Oct 21, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-10-21-2 - watchOS 2.0.1 is now available and addresses arbitrary code execution, heap buffer overflow, and various other vulnerabilities.

tags | advisory, overflow, arbitrary, vulnerability, code execution

systems | apple

advisories | CVE-2015-5916, CVE-2015-5925, CVE-2015-5926, CVE-2015-5927, CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5939, CVE-2015-5942, CVE-2015-6974, CVE-2015-6989, CVE-2015-6996, CVE-2015-7006, CVE-2015-7015

SHA-256 | b5fed81d5b6693b68f892dc91bbaa73fd5b0465588a6086b31825b77a194c21c

Download | Favorite | View