  ID  Type  Status  Priority  Milestone  Owner  Summary + Labels
  88 ---- Fixed ---- ---- cevans@google.com Linux kernel stack overflow when mounting ISO9660 image, including via a USB stick CCProjectZeroMembers  
  89 ---- Fixed ---- ---- hawkes@google.com Linux kernel hid-logitech-dj.c device_index arbitrary kfree CCProjectZeroMembers  
  90 ---- Fixed ---- ---- hawkes@google.com Linux kernel hid-logitech-dj.c logi_dj_ll_raw_request heap overflow CCProjectZeroMembers  
  91 ---- Fixed ---- ---- hawkes@google.com Linux kernel HID report fixup multiple off-by-one issues CCProjectZeroMembers  
  98 ---- Fixed ---- ---- forshaw@google.com Linux Kernel Buffer Overflow in Whiteheat USB Serial Driver CCProjectZeroMembers  
  100 ---- Fixed ---- ---- scvitti@google.com Magic Mouse HID device driver overflow CCProjectZeroMembers  
  101 ---- Fixed ---- ---- scvitti@google.com PicoLCD HID device driver pool overflow CCProjectZeroMembers  
  169 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL DoS via unlimited CharString program execution CCProjectZeroMembers  
  174 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL out-of-bounds reads from the input CharString stream CCProjectZeroMembers  
  175 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL off-by-x oob reads/writes relative to the operand stack CCProjectZeroMembers  
  176 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL kernel pool memory disclosure via uninitialized transient array CCProjectZeroMembers  
  177 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL read/write-what-where in LOAD and STORE operators CCProjectZeroMembers  
  178 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL pool-based buffer overflow in Counter Control Hints CCProjectZeroMembers  
  179 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL pool-based buffer underflow due to integer overflow in STOREWV CCProjectZeroMembers  
  180 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL unlimited out-of-bounds stack manipulation via BLEND operator CCProjectZeroMembers  
  368 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: pool-based buffer overflow in the IUP[] program instruction CCProjectZeroMembers  
  369 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL OTF font processing: pool-based buffer overflow with malformed GPOS table CCProjectZeroMembers  
  370 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: pool-based buffer overflow in win32k!scl_ApplyTranslation CCProjectZeroMembers  
  382 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL out-of-bounds reads from the input CharString stream CCProjectZeroMembers  
  383 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL invalid memory access due to malformed CFF table (ATMFD+0x34072 / ATMFD+0x3407b) CCProjectZeroMembers  
  384 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL invalid memory access due to malformed CFF table (ATMFD+0x3440b / ATMFD+0x3440e) CCProjectZeroMembers  
  385 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL write to uninitialized address due to malformed CFF table CCProjectZeroMembers  
  386 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL out-of-bounds read due to malformed Name INDEX in the CFF table CCProjectZeroMembers  
  392 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL out-of-bounds read due to malformed FDSelect offset in the CFF table CCProjectZeroMembers  
  401 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: out-of-bounds pool memory access in win32k!fsc_RemoveDups CCProjectZeroMembers  
  402 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: out-of-bounds pool write in win32k!fsc_BLTHoriz CCProjectZeroMembers  
  506 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: pool-based buffer overflow with malformed OS/2 table CCProjectZeroMembers  
  507 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: pool-based buffer overflow with malformed TrueType program CCProjectZeroMembers  
  540 ---- Invalid ---- ---- markbrand@google.com Linux: kernel read-write in __ARM_NR_cmpxchg CCProjectZeroMembers  
  682 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL OTF font processing: stack corruption due to malformed CFF table CCProjectZeroMembers  
  683 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL OTF font processing: pool-based buffer overflow with malformed CFF table CCProjectZeroMembers  
  684 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: pool corruption with malformed EBLC / EBSC tables CCProjectZeroMembers  
  735 ---- Fixed ---- ---- hawkes@google.com Linux io_submit L2TP sendmsg integer overflow CCProjectZeroMembers  
  758 ---- Fixed ---- ---- hawkes@google.com Linux netfilter IPT_SO_SET_REPLACE memory corruption CCProjectZeroMembers  
  781 ---- WontFix ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL NamedEscape 0x2511 out-of-bounds read CCProjectZeroMembers  
  785 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL NamedEscape 0x250C pool corruption CCProjectZeroMembers  
  855 ---- WontFix ---- ---- mjurczyk@google.com Windows Kernel win32k.sys FON font processing: divide-by-zero exception in win32k!MAPPER::bFoundExactMatch CCProjectZeroMembers  
  864 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: out-of-bounds read in the RCVT TrueType instruction handler CCProjectZeroMembers  
  868 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: use-after-free in win32k!sbit_Embolden / win32k!ttfdCloseFontContext CCProjectZeroMembers  
  873 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel Registry Hive loading: negative RtlMoveMemory size in nt!CmpCheckValueList CCProjectZeroMembers  
  874 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel Registry Hive loading: out-of-bounds read in nt!RtlEqualSid CCProjectZeroMembers  
  876 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel Registry Hive loading: relative arbitrary read in nt!RtlValidRelativeSecurityDescriptor CCProjectZeroMembers  
  993 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel Registry Hive loading: crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages CCProjectZeroMembers  
  1078 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys multiple bugs in the NtGdiGetDIBitsInternal system call CCProjectZeroMembers  
  1144 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure due to output structure alignment in win32k!NtGdiGetOutlineTextMetricsInternalW CCProjectZeroMembers  
  1145 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel uninitialized memory in the default dacl descriptor of system processes' token CCProjectZeroMembers  
  1147 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel KsecDD pool memory disclosure in IOCTL 0x390400, operation code 0x00020000 CCProjectZeroMembers  
  1150 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel Mountmgr pool memory disclosure in the handling of IOCTL_MOUNTMGR_QUERY_POINTS CCProjectZeroMembers  
  1152 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel WMIDataDevice pool memory disclosure in the handling of the 0x224000 IOCTL (WmiQueryAllData) CCProjectZeroMembers  
  1153 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure in win32k!NtGdiEnumFonts CCProjectZeroMembers  
  1154 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel volmgr pool memory disclosure in the handling of IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS CCProjectZeroMembers  
  1156 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel partmgr pool memory disclosure in the handling of IOCTL_DISK_GET_DRIVE_GEOMETRY_EX CCProjectZeroMembers  
  1159 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel partmgr pool memory disclosure in the handling of IOCTL_DISK_GET_DRIVE_LAYOUT_EX CCProjectZeroMembers  
  1161 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure in nt!NtTraceControl (EtwpSetProviderTraits) CCProjectZeroMembers  
  1166 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure in nt!NtQueryVolumeInformationFile (FileFsVolumeInformation) CCProjectZeroMembers  
  1169 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure in nt!NtNotifyChangeDirectoryFile CCProjectZeroMembers  
  1177 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in exception handling (nt!KiDispatchException) CCProjectZeroMembers  
  1178 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtGdiExtGetObjectW CCProjectZeroMembers  
  1179 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtGdiGetOutlineTextMetricsInternalW CCProjectZeroMembers  
  1180 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtGdiGetTextMetricsW CCProjectZeroMembers  
  1181 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtGdiGetRealizationInfo CCProjectZeroMembers  
  1182 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!xxxClientLpkDrawTextEx CCProjectZeroMembers  
  1183 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in DeviceApi (PiDqIrpQueryGetResult, PiDqIrpQueryCreate, PiDqQueryCompletePendedIrp) CCProjectZeroMembers  
  1186 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!ClientPrinterThunk CCProjectZeroMembers  
  1189 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in nt!NtQueryInformationJobObject (BasicLimitInformation, ExtendedLimitInformation) CCProjectZeroMembers  
  1190 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in nt!NtQueryInformationProcess (ProcessVmCounters) CCProjectZeroMembers  
  1191 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtGdiMakeFontDir CCProjectZeroMembers  
  1192 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32kfull!SfnINLPUAHDRAWMENUITEM CCProjectZeroMembers  
  1193 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in nt!NtQueryInformationJobObject (information class 12) CCProjectZeroMembers  
  1194 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in nt!NtQueryInformationJobObject (information class 28) CCProjectZeroMembers  
  1196 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in nt!NtQueryInformationTransaction (information class 1) CCProjectZeroMembers  
  1207 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in nt!NtQueryInformationResourceManager (information class 0) CCProjectZeroMembers  
  1213 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL out-of-bounds read due to malformed Name INDEX in the CFF table CCProjectZeroMembers  
  1214 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation) CCProjectZeroMembers  
  1238 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel nsiproxy/netio pool memory disclosure in the handling of IOCTL 0x120007 (NsiGetParameter) CCProjectZeroMembers  
  1267 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure in win32k!NtGdiGetGlyphOutline CCProjectZeroMembers  
  1268 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtGdiGetPhysicalMonitorDescription CCProjectZeroMembers  
  1269 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure in nt!NtSetIoCompletion / nt!NtRemoveIoCompletion CCProjectZeroMembers  
  1273 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: out-of-bounds reads/writes with malformed "fpgm" table (win32k!bGeneratePath) CCProjectZeroMembers  
  1274 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel win32k.sys TTF font processing: out-of-bounds read with malformed "glyf" table (win32k!fsc_CalcGrayRow) CCProjectZeroMembers  
  1275 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtGdiGetFontResourceInfoInternalW CCProjectZeroMembers  
  1276 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtGdiEngCreatePalette CCProjectZeroMembers  
  1303 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure in nt!NtQueryObject (ObjectNameInformation) CCProjectZeroMembers  
  1304 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtGdiDoBanding CCProjectZeroMembers  
  1306 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtGdiHLSurfGetInformation (information class 3) CCProjectZeroMembers  
  1307 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!NtQueryCompositionSurfaceBinding CCProjectZeroMembers  
  1311 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure in nt!RtlpCopyLegacyContextX86 CCProjectZeroMembers  
  1325 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel multiple stack and pool memory disclosures into NTFS file system metadata CCProjectZeroMembers  
  1352 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure into NTFS metadata ($LogFile) in Ntfs!LfsRestartLogFile CCProjectZeroMembers  
  1361 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel pool memory disclosure in nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) CCProjectZeroMembers  
  1362 ---- Fixed ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32k!xxxSendMenuSelect (via fnHkINLPMSG user-mode callback) CCProjectZeroMembers  
  1391 ---- WontFix ---- ---- mjurczyk@google.com Windows 10 Creators Update 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation (class 185, Warbird functionality) CCProjectZeroMembers  
  1398 ---- WontFix ---- ---- mjurczyk@google.com Windows Kernel pool address leak via undocumented GetFontData feature in ATMFD CCProjectZeroMembers  
  1401 ---- WontFix ---- ---- mjurczyk@google.com Windows Kernel ATMFD.DLL NamedEscape 0x2511 pool address derivation from entropy accumulator CCProjectZeroMembers  
  1408 ---- WontFix ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32kbase!NtQueryCompositionInputQueueAndTransform CCProjectZeroMembers  
  1426 ---- WontFix ---- ---- mjurczyk@google.com Windows Kernel stack memory disclosure in win32kfull!GreUpdateSpriteInternal CCProjectZeroMembers