![]() ![]() This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driverĪ buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.Ī potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.Īn out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This results in calling k_sleep() in IRQ context, causing a fatal exception. The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption. An attacker who knows the IP address of the server is able to connect and perform the following operations: * Get location data of the vehicle the device is connected to * Send CAN bus messages via the ECU module ( ) * Immobilize the vehicle via the safe-immobilizer module ( ) * Get live video through the connected video camera * Send audio messages to the driver ( )Ī buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. The MQTT server also leaks the location, video and diagnostic data from each connected device. ![]() The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |