Exploitation of the TIPC heap overflow bug based on a keylength being used in a `memcpy()` call before it was validated. Two objects are used in combination with the overflow to achieve code execution...
Focuses on exploiting an Out-of-Bounds (OOB) read in the `IOSurface` subsystem. The vulnerability was an unchecked `scalar0` index into the scalar input array in `IOMobileFramebufferUserClient::get_displayed_surface()` called by `IOMobileFramebuffers::s_displayed_fb_service()`...
Heap-based overflow in the Windows Kernel (ntfs.sys). This was originally found in the wild by Kaspersky, though Alex Plaskett here digs much more into the vulnerability and exploitation, and takes it in a bit of a new direction, removing the need for a separate info-leak.
Three vulnerabilities in Qualcomm's Neural Processing Unit (NPU) driver. Specifically, the article focuses on Samsung devices, as, for whatever reason, the NPU device is accessible to untrusted users there, where it isn't on most other devices.
Heap overflow in the AMD GPU driver's debugfs write handler for display port test patterns. The driver allocates a 100-byte write buffer to copy data into, but uses the debugfs handler's size parameter for the actual copy...
A privilege escalation to root in PHP FPM from a worker process where the attacker has arbitrary memory read/write and has escaped the PHP sandbox.
There is an out-of-bounds access that occurs by causing Squirrel to look up a method in the array of class fields.
Ignoring plenty of nuance, `tiocspgrp` (TTY IOCTL Set Process Group) would grab the wrong lock. Pseudoterminals (pty) have a master and a slave device, both of which are controlled by userland and can have ioctls called on them...
Seven vulnerabilities in Windows. Starts off with a lot of background information on Windows kernel I/O, how Time-of-Check Time-of-Use (TOCTOU) works, and an overview of Advanced Local Procedure Calling (ALPC), which is a set of high performance IPC syscalls...
There is a use-after-free on Chrome for Android when fetching credit card details to autofill. This vulnerability does require that the victim have credit card details saved by Chrome.