The XGETBV instruction reads the contents of an internal control register. It is not a privileged instruction and is usually available to userspace. The contents are also exposed via the xstate_bv header in the XSAVE structure. The primary use of XGETBV is determining the XINUSE flags, which allow kernels and user-thread implementations to determine what CPU state needs to be saved or restored on context switch. However, it has been observed that these flags appear to be non-deterministic on various Intel CPUs. The data here is currently research and not necessarily considered a security issue, but a reproducer has been included.
52f70932e263ca0679b0fe0ff594007f1bf68c70dc6b9513c57cd5ec7049d4e4
AMD Errata 1386 is a flaw that affects the AMD Zen 2 family of processors. The observed result of this bug is that changes to xmm or ymm extended registers during normal program execution may be unexpectedly discarded. The implications of this flaw will vary depending on the workload. This is Google's proof of concept exploit.
8a75f5fb07a6ca67733cb5a1185477da6a8313afd2a241201dd4016d48542554
Evernote Web Clipper suffered from a same-origin policy bypass vulnerability. The link to the demo exploit was a 403 at the time of addition and has not been included in this post.
edeb6d56c9d50dfe6a6599592c18c494c4d5dc6ad6ea545586270e0e19511589
A stack buffer overflow was reported in the cell format processing routines for 123elf, a project that brings Lotus 1-2-3 to Linux. If a victim opens an untrusted malicious worksheet, code execution could occur.
5476d681c79c06b3da58fefb626a51d12aa1fe3643baa4e0015d28e482653efb
In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replies, for example fragments of other messages, passphrases or keys.
1a0da9d9e3bf42ea5367e18954311a408e444a40a4960bbf41e240bbab050a63
The BN_mod_sqrt() function in OpenSSL versions 1.0.2, 1.1.1, and 3.0, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
b8c560eda5504347f10dd0a9166545d0f6d2637eb9ca4cc2944f2c46e26d7f2b
NSS (Network Security Services), the Mozilla project's cross-platform security library, suffers from a memory corruption flaw when validating ECDSA signatures.
a1b02e73db5dff5112196a0630115a92894c1a5c5871dfbfe6cb9a06a3c35921
ASProtect embeds a runtime DLL that is susceptible to memory corruption. Crash testcase provided.
0c3af34dac839cc3563beab4f1f82c631a6e7dd6c3f3f188065945c4051eb6f1
Fedora with GNOME has an issue where it does not use fscaps safely.
5fe12d617595a462d2a4fb41da183c392412f1d518d9ef97c94501d8e6a9f976
xscreensaver suffers from a raw socket leak vulnerability. Proof of concept exploit demonstrates running tcpdump via this issue.
a74cc45ea68b70f270c15c99358f40c1fcb59221f47186a18d8ffa318f810cf8
There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker-controlled data, and no verification or signature is validated before the vulnerability occurs.
116febb937a201a0c4eba25cc3b30fe506befd25359b35fcac75d7c488a642f1
If an application uses iconv() with an attacker-specified character set, there is an assertion in the gconv buffer management code that can be triggered, crashing the application. The crash only occurs with the ISO-2022-JP-3 encoding.
c6a21c4fe097d825b800e707fc854c169f367c24e1653ab4813d566b22024d97
Avast suffers from an out-of-bounds copy vulnerability in Array.prototype.toString.
f4c86758a5b59c76013f851557aec88b7d5f007b50dc4f53d8f8f4cc173c71b3
SecureCRT suffers from a memory corruption vulnerability in CSI functions.
e059a439c55289e0f1a5019136f7bbd0d69fc1efd9b8d3c24ced68d1c3f9d004
systemd has an issue in systemd-machined where it decrements the reference count when references are still held.
61c6cbf275014763c6c3968d740672023ca6b09cb865c03cf57eb22ce22304c9
In the new Fedora release, Grub2's grub2-set-bootflag is installed setuid and has the ability to corrupt the environment.
8b02b403cb65d197b55d479f14ebd82a934af9eca331f69bc357e66acc8a31b2
Visual Studio Code enables its remote debugger by default when installed.
6d9478dfbda57a569b646654397e12976adc4715dd2149ef3b1735181e045a80
LastPass suffers from an issue where bypassing do_popupregister() leaks credentials from the previous site.
e91aef0b7b7de488bc6fb1b7167218cb57d0484b98f8e1376f39b3cadbd7f574
msctf in the Text Services Framework suffers from multiple design flaws that can lead to issues such as UIPI bypass and interference with other processes.
0e5628d9aca7d795d63bbbab493631e98a1f4027dfdef9907adbf02de03caa93
There's a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric.
77ebee2e76c83cac1e5410a53acbe10f9b0064d421f6789060e5502ae995009e
This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in the MODPROBE_OPTIONS environment variable, resulting in arbitrary command execution with root privileges. This module has been tested successfully on: systemtap 1.2-1.fc13-i686 on Fedora 13 (i686); and systemtap 1.1-3.el5 on RHEL 5.5 (x64).
57d955347310170d1a380dba46ef41462b10f297e733fec17201a3831094af3b
This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines in GnuTLS.
533f01efe3a32a400eae85ee0cf901c9f9719f4ada7f40836cc2938e024c4866
NSS suffers from a NULL dereference issue when parsing Netscape Certificate Sequences in CERT_DecodeCertPackage().
d7adf827b738a3a567689a46c8203967c3089100a538ccf2c1e1cb2e8236ad6c
MatrixSSL suffers from a stack buffer overflow vulnerability when verifying X.509 certificates.
0ccbebf140226df810122f520adfba7097e335f9c1626f1162be12918d0909ff
Ghostscript has an issue with pseudo-operators that can lead to remote code execution. Version 9.26 is affected.
6f82dc2c71113403be2f8d208d1801454419d4178873a71ecf3e7231bb75fa9f