Memory corruption when two threads try to map and unmap a single node simultaneously.
Memory corruption while processing IOCTL calls to unmap the buffers.
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
Memory corruption while processing frame command IOCTL calls.
In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Windows DWM Core Library Elevation of Privilege Vulnerability
Memory corruption while processing command in Glink linux.
Win32k Elevation of Privilege Vulnerability
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Microsoft Streaming Service Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.
In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157066561
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.
Windows Telephony Server Elevation of Privilege Vulnerability
Windows Defender Credential Guard Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Memory corruption when the IOCTL call is interrupted by a signal.
In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges.
This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
Memory corruption while handling file descriptor during listener registration/de-registration.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Use after free in Xbox allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.
Memory corruption while handling user packets during VBO bind operation.
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.
Memory corruption when kernel driver attempts to trigger hardware fences.
Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.