Posts Tagged ‘kernel’

XNU Kernel Memory Corruption

The XNU kernel suffers from a memory corruption vulnerability due to an integer overflow in the __offsetof usage in posix_spawn on 32-bit platforms. Source: XNU Kernel Memory Corruption

XNU Kernel API Memory Disclosure

There is an XNU kernel memory disclosure flaw caused by a bug in the kernel API for detecting kernel memory disclosures. No, this isn’t a failure at writing a description. Source: XNU Kernel API Memory Disclosure

Linux mincore() Kernel Heap Page Disclosure

Linux mincore() discloses uninitialized kernel heap pages. When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range passed to walk_page_range(), and when this assumption is violated, sys_mincore() copies uninitialized memory from […]

Microsoft Windows Kernel Pool Address Derivation

The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented “escape” interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications […]