Advisories 2020/09

Security advisories for vulnerabilities identified by Blue Frost Security.

Microsoft Hyper-V Type Confusion leading to Arbitrary Memory Dereference

A bug present in the Hyper-V (hvix64) hash-table implementation allows memory near (or belonging to) the hash-table struct object to be dereferenced.

Microsoft Hyper-V NULL Pointer Dereference Denial of Service

A bug present in Hyper-V's (hvix64) emulation handler for VMLAUNCH/VMRESUME allows a malicious L2 hypervisor to trigger a NULL pointer dereference in the L1 hypervisor.

Microsoft Hyper-V Stack Overflow Denial of Service

A bug present in the hvix64 module (hypervisor) causes infinite recursion, leading to a stack overflow.

LG PC Suite Insecure Update Mechanism

A vulnerability was identified in the update mechanism which allows an attacker to remotely execute arbitrary code on the target system.

Huawei HiSuite Insecure Service Directory ACLs

A privilege escalation vulnerability was identified which can be used by a local user to elevate privileges.

Samsung SW Update Insecure Service Directory ACLs

A privilege escalation vulnerability was identified which can be used by a local user to elevate privileges.