Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files.Ī use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This could lead to local denial of service in kernel. In camera driver, there is a possible out of bounds write due to a missing bounds check. In face detect driver, there is a possible out of bounds write due to a missing bounds check. In gpu driver, there is a possible out of bounds write due to a missing bounds check. In camera driver, there is a possible memory corruption due to improper locking. In sensor driver, there is a possible out of bounds write due to a missing bounds check. This only occurs in situations with VM_PFNMAP VMAs. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. Session hijacking or similar attacks would not be possible.Īn issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.Īn issue was discovered in WSO2 Enterprise Integrator 6.4.0. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).Ī use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. This CVE ID is unique from CVE-2022-41048.Ī use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41047. Windows Bind Filter Driver Elevation of Privilege Vulnerability. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.Ĭheck Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The impact depends on the privileges of the attacker. OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.Īn issue was discovered in the Arm Mali GPU Kernel Driver. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |