why? you are here?

cve-2016-3768

Because of duplicate constraints, the arch/arm/mach-msm/perf_event_msm_krait_l2.c
driver marks the event as OFF but still returns TRUE to perf_event.c, which
goes ahead and allocates the hw_event and enables it.

Since the event is marked OFF, the kernel events core tries to enable this event
again on the next perf_event_enable, which results in the same event being
enabled on multiple hw_events. During perf_release, however, the event struct is
freed and only one hw_event is released. The remaining hw_event still refers to
the freed event, so the next access dereferences an invalid pointer and crashes.


In fs/pipe.c in Linux kernels before 3.16, pipe_read and pipe_write did not handle a corner case in which the iovec state and the amount of data actually copied fall out of sync partway through a copy (the copy loop advances the iovec entries as it goes, and a retry after a fault starts over with the full length). The result is an out-of-bounds copy that can crash the system or be used for privilege escalation. This class of bug is also known as an "I/O vector array overrun".
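As an added illustration, here is a userspace C model of the desynchronisation described above. It is constructed for this page and is not the kernel's code: the `struct miov` type, the `mapped` flag that stands in for whether a destination page is resident, `fake_copy_to_user`, and the `-2` "would run past the array" sentinel are all invented so that the fault and the overrun can be observed deterministically. The vulnerable path retries with the original length after the iovec entries have already been advanced; the fixed path resumes from the bytes actually copied, which is what the iov_iter conversion in 3.16 achieves.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of a user iovec. Constructed for this example, not a kernel type. */
struct miov {
    char  *base;    /* like iov_base */
    size_t len;     /* like iov_len, consumed in place as the old loop did */
    bool   mapped;  /* simulated: is the destination page resident? */
};

/* Stand-in for __copy_to_user_inatomic() (atomic) / copy_to_user() (may
 * sleep). Returns 0 on success, non-zero on a simulated fault. */
static int fake_copy_to_user(struct miov *v, const char *from, size_t n,
                             bool atomic)
{
    if (!v->mapped) {
        if (atomic)
            return 1;        /* cannot fault the page in: fail */
        v->mapped = true;    /* sleeping path faults it in and proceeds */
    }
    memcpy(v->base, from, n);
    return 0;
}

/* The copy loop: walks iov[] for `len` bytes, skipping consumed entries and
 * advancing each entry in place. `*done` receives the bytes copied so far.
 * Returns 0 on success, -1 on a fault, -2 when it would step past the last
 * of `niov` entries (the iovec array overrun; the real loop had no such
 * check and kept reading). */
static int iov_copy(struct miov *iov, size_t niov, const char *from,
                    size_t len, bool atomic, size_t *done)
{
    size_t i = 0;
    *done = 0;
    while (len > 0) {
        while (i < niov && iov[i].len == 0)
            i++;
        if (i >= niov)
            return -2;
        size_t copy = len < iov[i].len ? len : iov[i].len;
        if (fake_copy_to_user(&iov[i], from, copy, atomic))
            return -1;
        from += copy;
        len  -= copy;
        *done += copy;
        iov[i].base += copy;  /* mutated before the whole request is known to succeed */
        iov[i].len  -= copy;
    }
    return 0;
}

/* Vulnerable retry: after an atomic fault, redo with the ORIGINAL length and
 * source although iov[] already reflects what the first attempt delivered,
 * so the loop consumes more entries than the caller supplied. */
static int pipe_read_vulnerable(struct miov *iov, size_t niov,
                                const char *src, size_t chars)
{
    size_t done;
    int err = iov_copy(iov, niov, src, chars, true, &done);
    if (err == -1)
        err = iov_copy(iov, niov, src, chars, false, &done);
    return err;
}

/* Hardened retry: resume from the bytes already copied. */
static int pipe_read_fixed(struct miov *iov, size_t niov,
                           const char *src, size_t chars)
{
    size_t done;
    int err = iov_copy(iov, niov, src, chars, true, &done);
    if (err == -1)
        err = iov_copy(iov, niov, src + done, chars - done, false, &done);
    return err;
}

/* Constructed scenario: two 8-byte user buffers, the second not yet faulted
 * in, and 16 bytes of pipe data to deliver. */
static char user_buf0[8], user_buf1[8];
static const char pipe_data[] = "0123456789ABCDEF";

static void reset(struct miov iov[2])
{
    memset(user_buf0, 0, sizeof user_buf0);
    memset(user_buf1, 0, sizeof user_buf1);
    iov[0] = (struct miov){ user_buf0, sizeof user_buf0, true  };
    iov[1] = (struct miov){ user_buf1, sizeof user_buf1, false };
}

/* Error code of the vulnerable path: -2, the retry ran past the iovec array. */
int run_vulnerable(void)
{
    struct miov iov[2];
    reset(iov);
    return pipe_read_vulnerable(iov, 2, pipe_data, 16);
}

/* 1 when the fixed path succeeds and both buffers hold the right halves. */
int run_fixed(void)
{
    struct miov iov[2];
    reset(iov);
    if (pipe_read_fixed(iov, 2, pipe_data, 16) != 0)
        return 0;
    return memcmp(user_buf0, "01234567", 8) == 0 &&
           memcmp(user_buf1, "89ABCDEF", 8) == 0;
}

int main(void)
{
    printf("vulnerable retry: %d (-2 = walked past the iovec array)\n",
           run_vulnerable());
    printf("fixed retry: %s\n", run_fixed() ? "ok, data intact" : "FAILED");
    return 0;
}
```

In the vulnerable trace the first (atomic) attempt fills the first buffer and faults on the second; the retry then skips the consumed entry, refills the second buffer with the wrong half of the data, and still has 8 bytes left, so it walks past the end of the two-entry array. In the kernel that walk reads iovec entries that were never supplied, which is the overrun the excerpt refers to.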


cve-2015-3864 is another vulnerability in the same family as cve-2015-1538. It exploits an integer overflow in the parsing of the tx3g atom; the exploit-38226 published by Google uses the characteristics of jemalloc to lay out memory so that the overflow overwrites the vtable pointer of MPEG4DataSource essentially 100% of the time. On 18 March 2016 No ...