Category Archives: Advisories

USN-6950-3: Linux kernel (Oracle) vulnerabilities

Read Time:1 Minute, 17 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– Block layer subsystem;
– Bluetooth drivers;
– Clock framework and drivers;
– FireWire subsystem;
– GPU drivers;
– InfiniBand drivers;
– Multiple devices driver;
– EEPROM drivers;
– Network drivers;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– 9P distributed file system;
– Network file system client;
– SMB network file system;
– Socket messages infrastructure;
– Dynamic debug library;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Multipath TCP;
– NSH protocol;
– Phonet protocol;
– TIPC protocol;
– Wireless networking;
– Key management;
– ALSA framework;
– HD-audio driver;
(CVE-2024-36883, CVE-2024-36940, CVE-2024-36902, CVE-2024-36975,
CVE-2024-36964, CVE-2024-36938, CVE-2024-36931, CVE-2024-35848,
CVE-2024-26900, CVE-2024-36967, CVE-2024-36904, CVE-2024-27398,
CVE-2024-36031, CVE-2023-52585, CVE-2024-36886, CVE-2024-36937,
CVE-2024-36954, CVE-2024-36916, CVE-2024-36905, CVE-2024-36959,
CVE-2024-26980, CVE-2024-26936, CVE-2024-36928, CVE-2024-36889,
CVE-2024-36929, CVE-2024-36933, CVE-2024-27399, CVE-2024-36946,
CVE-2024-36906, CVE-2024-36965, CVE-2024-36957, CVE-2024-36941,
CVE-2024-36897, CVE-2024-36952, CVE-2024-36947, CVE-2024-36950,
CVE-2024-36880, CVE-2024-36017, CVE-2023-52882, CVE-2024-36969,
CVE-2024-38600, CVE-2024-36955, CVE-2024-36960, CVE-2024-27401,
CVE-2024-36919, CVE-2024-36934, CVE-2024-35947, CVE-2024-36953,
CVE-2024-36944, CVE-2024-36939)

Read More

Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5)

Read Time:24 Second

Posted by Security Explorations on Aug 13

Hello All,

There is an architectural / design issue of PlayReady, which can be
successfully exploited to gain access to license server by arbitrary
clients. The problem has its origin in flat certificate namespace /
reliance on a single root key in PlayReady along no auth at license
server end by default (deemed as no bug by Microsoft).

PlayReady client certificates encountered in Windows 10 / 11 and
CANAL+ STB device environments share a…

Read More

USN-6954-1: QEMU vulnerabilities

Read Time:34 Second

Markus Frank and Fiona Ebner discovered that QEMU did not properly
handle certain memory operations, leading to a NULL pointer dereference.
An authenticated user could potentially use this issue to cause a denial
of service. (CVE-2023-6683)

Xiao Lei discovered that QEMU did not properly handle certain memory
operations when specific features were enabled, which could lead to a
stack overflow. An attacker could potentially use this issue to leak
sensitive information. (CVE-2023-6693)

It was discovered that QEMU had an integer underflow vulnerability in
the TI command, which would result in a buffer overflow. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2024-24474)

Read More

ZDI-24-1148: Microsoft Office PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-38171.

Read More

ZDI-24-1147: Microsoft Windows 10 WinREUpdateInstaller_2401B_amd64 Link Following Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-38163.

Read More

ZDI-24-1146: Microsoft Windows 10 WinREUpdateInstaller DLL Hijacking Local Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-38163.

Read More

ZDI-24-1145: Microsoft Office Visio VSDX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-38169.

Read More

ZDI-24-1144: Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39388.

Read More