Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 6

Use-after-free in Linux kernel
CVE-2023-0266

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_ctl_elem_read() function in the Linux kernel sound subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

i

In December 2022 a complete exploit chain was discovered consisting of multiple 0-days and n-days targeting the latest version of Samsung Internet Browser. The exploits were delivered in one-time links sent via SMS to devices located in the United Arab Emirates (UAE).

The link directed users to a landing page identical to the one Google TAG examined in the Heliconia framework developed by commercial spyware vendor Variston. The exploit chain ultimately delivered a fully featured Android spyware suite written in C++ that includes libraries for decrypting and capturing data from various chat and browser applications. The actor using the exploit chain to target UAE users may be a customer or partner of Variston, or otherwise working closely with the spyware vendor.

Software: Linux kernel

In December 2022 a complete exploit chain was discovered consisting of multiple 0-days and n-days targeting the latest version of Samsung Internet Browser. The exploits were delivered in one-time links sent via SMS to devices located in the United Arab Emirates (UAE).

The link directed users to a landing page identical to the one Google TAG examined in the Heliconia framework developed by commercial spyware vendor Variston. The exploit chain ultimately delivered a fully featured Android spyware suite written in C++ that includes libraries for decrypting and capturing data from various chat and browser applications. The actor using the exploit chain to target UAE users may be a customer or partner of Variston, or otherwise working closely with the spyware vendor.

Privilege escalation in Linux kernel
CVE-2017-7533

Race condition

The vulnerability allows a local user to execute arbitrary code with escalated privileges.

The vulnerability exists due to a race condition in the fsnotify implementation in the Linux kernel through 4.12.4. A local user can create an application, which leverages simultaneous execution of the inotify_handle_event and vfs_rename functions and trigger memory corruption and denials of service attack or execute arbitrary code on the target system with root privileges.

Successful exploitation of this vulnerability may allow a local user to obtain elevated privileges on the system.

Note: this vulnerability is being active exploited in the wild for 32-bit systems in August 2017.

Software: Linux kernel

Privilege escalation in Linux kernel
CVE-2016-5195

Privilege escalation

The vulnerability allows a  local user to obtain elevated privileges on the target system.
The weakness is due to race condition in the kernel memory subsystem in the management of copy-on-write operations on read-only memory mappings that lets attackers to overwrite kernel memory and gain kernel-level privileges.
Successful exploitation of the vulnerability results in gaining of root privileges on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

The vulnerability was discovered by security researcher Phil Oester and is called "DIRTY COW".
It is believed that the vulnerability was being exploited in the wild for quite some time.

Software: Linux kernel

The vulnerability was discovered by security researcher Phil Oester and is called "DIRTY COW".
It is believed that the vulnerability was being exploited in the wild for quite some time.

Privilege escalation in Linux kernel
CVE-2016-0728

Use-after-free error

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to use-after-free error in the join_session_keyring() function in security/keys/process_keys.c when handling keyring object reference counting by Linux kernel's key management subsystem. A local attacker can overflow the usage field via a specially crafted object and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

The critical Linux kernel flaw (CVE-2016-0728) has been identified by a group of researchers at a startup named Perception Point.
The vulnerability has existed since 2012, but was disclosed in January, 2016.

Software: Linux kernel

The critical Linux kernel flaw (CVE-2016-0728) has been identified by a group of researchers at a startup named Perception Point.
The vulnerability has existed since 2012, but was disclosed in January, 2016.

Arbitrary code execution in Linux kernel
CVE-2012-2319

Buffer overflow

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow in the driver within HFS plus filesystem. By using a specially crafted Hierarchical File System (HFS) filesystem, a local attacker can trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

This is a zero-day according to Trustwave.

CVE-2012-2319 is a follow-up to CVE-2009-4020; issues in the HFS file system were detailed and patched on Dec. 3, 2009, but HFSPlus was left vulnerable until May 4, 2012.

Software: Linux kernel

This is a zero-day according to Trustwave.

CVE-2012-2319 is a follow-up to CVE-2009-4020; issues in the HFS file system were detailed and patched on Dec. 3, 2009, but HFSPlus was left vulnerable until May 4, 2012.

Privilege escalation in Linux kernel
CVE-2010-3081

Privilege escalation

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper allocation of userspace memory required for the 32-bit compatibility layer within compat_alloc_user_space() function in include/asm/compat.h file on on 64-bit platforms. A local user can call compat_mc_getsockopt() function and gain control over vulnerable system.

Successful exploitation of the vulnerability allows a local non-privileged user to gain root privileges.

i

Based on the sophisticated and fully functional exploits this vulnerability was exploited in the wild for quite some time before the patch was issued.

Software: Linux kernel

Known/fameous malware:

Linux/Exploit.CVE-2010-3081.B

Based on the sophisticated and fully functional exploits this vulnerability was exploited in the wild for quite some time before the patch was issued.