Mauro Carvalho Chehab - Security Researcher - Exploit Intelligence Platform

CVE-2016-7913 WRITEUP HIGH WRITEUP

Linux Kernel < 4.6 - Use-After-Free in xc2028_set_config

The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.

CVSS 7.8

View Code

CVE-2017-8061 WRITEUP HIGH WRITEUP

Linux Kernel 4.9.x-4.10.x < 4.10.7 - Denial of Service via DMA Scatterlist Handling

drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

CVSS 7.8

View Code

CVE-2017-8062 WRITEUP HIGH WRITEUP

Linux Kernel 4.9-4.9.15 and 4.10-4.10.3 - Denial of Service via DMA Scatterlist Handling

drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

CVSS 7.8

View Code

CVE-2017-8064 WRITEUP HIGH WRITEUP

Linux Kernel 4.9.x-4.10.x < 4.10.12 - Denial of Service via DMA Scatterlist Handling

drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

CVSS 7.8

View Code

CVE-2019-19054 WRITEUP MEDIUM WRITEUP

Linux Kernel < 5.3.11 - Denial of Service via Memory Leak in cx23888_ir_probe

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.

CVSS 4.7

View Code

CVE-2020-36766 WRITEUP LOW WRITEUP

Linux kernel <5.8.6 - Info Disclosure

An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.

CVSS 3.3

View Code

CVE-2023-1118 WRITEUP HIGH WRITEUP

Linux Kernel 2.6.36-4.14.308 - Use-After-Free in Infrared Receiver/Transceiver Driver

A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

CVSS 7.8

View Code