Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Arm Mali CSF Missing Buffer Size Check[6]
- Authored by Jann Horn[7], Google Security Research[8]
-
In the Linux Mali driver, when building with MALI_USE_CSF, the VFS read handler of the main Mali file descriptor (kbase_read()) never looks at its "count" parameter. This means that a simple userspace program that sets up a Mali file descriptor, then calls read(mali_fd, buf, 1), will see read() returning a higher length than requested, and out-of-bounds data in the userspace buffer will be clobbered.
- systems | linux[9]
- advisories | CVE-2022-36449[10]
- SHA-256 |
3d801b6f86d2cf6dcafab0fab084495a709669823b168ea8d4eaa15c04e2a64c
- Download[11] | Favorite[12] | View[13]
File Tags
- ActiveX[18] (932)
- Advisory[19] (78,212)
- Arbitrary[20] (15,257)
- BBS[21] (2,859)
- Bypass[22] (1,585)
- CGI[23] (1,013)
- Code Execution[24] (6,759)
- Conference[25] (671)
- Cracker[26] (799)
- CSRF[27] (3,275)
- DoS[28] (22,042)
- Encryption[29] (2,339)
- Exploit[30] (50,095)
- File Inclusion[31] (4,160)
- File Upload[32] (945)
- Firewall[33] (821)
- Info Disclosure[34] (2,564)
- Intrusion Detection[35] (860)
- Java[36] (2,822)
- JavaScript[37] (806)
- Kernel[38] (6,142)
- Local[39] (14,083)
- Magazine[40] (586)
- Overflow[41] (12,249)
- Perl[42] (1,413)
- PHP[43] (5,057)
- Proof of Concept[44] (2,284)
- Protocol[45] (3,345)
- Python[46] (1,405)
- Remote[47] (29,841)
- Root[48] (3,463)
- Ruby[49] (580)
- Scanner[50] (1,630)
- Security Tool[51] (7,733)
- Shell[52] (3,075)
- Shellcode[53] (1,203)
- Sniffer[54] (883)
- Spoof[55] (2,122)
- SQL Injection[56] (16,054)
- TCP[57] (2,368)
- Trojan[58] (682)
- UDP[59] (871)
- Virus[60] (660)
- Vulnerability[61] (30,638)
- Web[62] (9,101)
- Whitepaper[63] (3,723)
- x86[64] (943)
- XSS[65] (17,382)
- Other[66]
File Archives
- September 2022[67]
- August 2022[68]
- July 2022[69]
- June 2022[70]
- May 2022[71]
- April 2022[72]
- March 2022[73]
- February 2022[74]
- January 2022[75]
- December 2021[76]
- November 2021[77]
- October 2021[78]
- Older[79]
Systems
- AIX[80] (426)
- Apple[81] (1,899)
- BSD[82] (369)
- CentOS[83] (55)
- Cisco[84] (1,915)
- Debian[85] (5,948)
- Fedora[86] (1,690)
- FreeBSD[87] (1,242)
- Gentoo[88] (4,197)
- HPUX[89] (878)
- iOS[90] (323)
- iPhone[91] (108)
- IRIX[92] (220)
- Juniper[93] (67)
- Linux[94] (42,858)
- Mac OS X[95] (684)
- Mandriva[96] (3,105)
- NetBSD[97] (255)
- OpenBSD[98] (478)
- RedHat[99] (11,980)
- Slackware[100] (941)
- Solaris[101] (1,607)
- SUSE[102] (1,444)
- Ubuntu[103] (8,002)
- UNIX[104] (9,112)
- UnixWare[105] (185)
- Windows[106] (6,469)
- Other[107]