Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.Īn issue was discovered in WSO2 Enterprise Integrator 6.4.0. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).Ī use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.Ī use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.Ĭheck Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The impact depends on the privileges of the attacker. OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot.
The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver.
0 kommentar(er)
