use-after-free – Page 3 – WindowsTechs.com

Another Linux Kernel Bug Surfaces, Allowing Root Access

Posted on September 28, 2018 by Tara Seals

Android, Debian and Ubuntu users are still at risk. Continue reading Another Linux Kernel Bug Surfaces, Allowing Root Access→

SSD Advisory – IRDA Linux Driver UAF

Posted on September 27, 2018 by SSD / Ori Nimron

Vulnerabilities Summary The following advisory describes two vulnerabilities in the Linux Kernel. By combining these two vulnerabilities a privilege escalation can be achieved. The two vulnerabilities are quite old and have been around for at least 17 … Continue reading SSD Advisory – IRDA Linux Driver UAF→

SSD Advisory – VirtualBox VRDP Guest-to-Host Escape

Posted on August 20, 2018 by SSD / Ori Nimron

Vulnerability Summary VirtualBox has a built-in RDP server which provides access to a guest machine. While the RDP client sees the guest OS, the RDP server runs on the host OS. Therefore, to view the guest OS the RDP client will make a connection to th… Continue reading SSD Advisory – VirtualBox VRDP Guest-to-Host Escape→

SSD Advisory – Linux Kernel AF_PACKET Use After Free (packet_sock)

Posted on August 15, 2018 by SSD / Ori Nimron

Vulnerability Summary UAF vulnerability in Linux Kernel’s implementation of AF_PACKET leads to privilege escalation. AF_PACKET sockets allow users to send or receive packets on the device driver level, which lets them implement their own protocol… Continue reading SSD Advisory – Linux Kernel AF_PACKET Use After Free (packet_sock)→

SSD Advisory – Infiniband Linux Driver UAF

Posted on August 2, 2018 by SSD / Ori Nimron

Vulnerability Summary A bug in the threads synchronization of Infiniband Driver can cause an Use After Free. A struct that is allocated and free’d by a thread, is accessible through a second thread. If the second thread is calling the function &#… Continue reading SSD Advisory – Infiniband Linux Driver UAF→

SSD Advisory – Linux AF_LLC Double Free

Posted on April 30, 2018 by SSD / Noam Rathaus

Vulnerability Summary A use after free vulnerability in AF_LLC allows local attackers to control the flow of code that the kernel executes, allowing them to cause it to run arbitrary code and gain elevated privileges. Vendor Response The vulnerability … Continue reading SSD Advisory – Linux AF_LLC Double Free→

Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10

Posted on December 19, 2017 by Tom Spring

Google’s Project Zero team dubs a new WPAD-related attack as an “aPAColypse Now” that allows a local attacker to compromise a targeted and fully patched Windows 10 PC. Continue reading Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10→

Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer inf… Continue reading SSD Advisory – Linux Kernel XFRM Privilege Escalation→

Category Archives: use-after-free