内核层漏洞列表 [OSVDB] (24)

OSVDB/99537(发布:2013-11-07)NMCOPS
CVSS6.9

Goodix GT915 Touchscreen Driver for Android contains a flaw that is triggered when user controlled data is copied to a global variable without a mutual-exlusion mechanism when handling arguments passed to the procfs write handler. This may allow a local attacker to bypass security checks, crash the program, or alter the internal state of the handler.

OSVDB/99536(发布:2013-11-07)NMCOPS
CVSS6.9

Goodix GT915 Touchscreen Driver for Android contains multiple memory corruption flaws that are triggered as user-supplied input is not properly sanitized when processing data written to the procfs file. The program uses user supplied length values without properly bounds checking them, which may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.

OSVDB/100299(发布:2013-10-25)MCOEPS
CVSSN/A

Code Aurora Android for MSM contains an uninitialized variable flaw in the genlock_dev_ioctl() function in drivers/base/genlock.c. The issue is triggered as all members of a structure are not properly initialized before being copied to user space. This may allow a local attacker to gain access to potentially sensitive kernel memory.

OSVDB/100299(发布:2013-10-25)NMCOPS
CVSS4.9

Code Aurora Android for MSM contains an uninitialized variable flaw in the genlock_dev_ioctl() function in drivers/base/genlock.c. The issue is triggered as all members of a structure are not properly initialized before being copied to user space. This may allow a local attacker to gain access to potentially sensitive kernel memory.

OSVDB/97019(发布:2013-09-05)NMCOS
CVSS9.3

Multiple Code Aurora Forum products contain a flaw in the CONFIG_STRICT_MEMORY_RWX feature. The issue is due to the program setting insecure permission for the aforementioned feature. This may allow a remote attacker to manipulate memory objects and more easily execute arbitrary code or crash the program.

OSVDB/96924(发布:2013-08-29)NMCOS
CVSS7.8

Gemini JPEG encoder, Mercury JPEG decoder, and Jpeg1.0 common encoder/decoder contain an unspecified integer overflow condition during the handling of hardware command IOCTL calls that may allow a local attacker to cause a denial of service or potentially execute of arbitrary code.

1234下一页尾页 第1页 / 共4页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站