The Mediatek wlan driver on Android has several files exposed under the `/proc` virtual filesystem. Some of these read handlers do not check the caller-provided buffer size before copying data out into the user buffer...
The primitive in play here is a handle duplication attack: the LogMeIn device driver has an IOCTL that will temporarily duplicate a handle specified by the caller (attacker). Since the device can also be opened with `PROCESS_DUP_HANDLE`, one can open the device and then race to duplicate the newly created handle before it gets closed, keeping a reference to a privileged handle and using it for an elevation of privilege.
Format string bugs, you'd think we'd be done with them by now, but Shielder here documents one in ASUS routers.
Qualys at it again, this time with a skipped initialization code path leading to an undersized allocation and a buffer overflow deep in glibc's `syslog`.
The vulnerability in the `__io_uaddr_map()` function of the Linux kernel involves the incorrect handling of multi-page regions imported from userspace. This function is intended to map a physically contiguous region of memory from userspace into the kernel's linear mapping area...
The key vulnerability discovered is a relative heap out-of-bounds write in the parsing of MDL files within CS:GO.
A fun but simple buffer overflow in Factorio. When loading save files, the game will load a `PropertyTree` from the file...
Kind of a cool bug dealing with an improper optimization and the use of an unexpected object type from JS, leading to an out-of-bounds access.
One vulnerability is a use-after-free in the Linux nftables subsystem, exploitable on the three kernelCTF targets: the latest Long-term Stable (LTS) release, the Container-Optimized build as used by Google Cloud, and a Mitigation build that isn't as up-to-date but includes experimental mitigations to be bypassed.
A very powerful bug in the `io_uring` subsystem of the Linux kernel. In this case, the vulnerability is in the handling of registering fixed buffers via the `IORING_REGISTER_BUFFERS` opcode, which allows an application to 'pin' and register memory for long-term use, which includes making it exempt from paging mechanics...