The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands.
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system.
Improper initialization of the flags member of the pipe buffer structure in the copy_page_to_iter_pipe and push_pipe functions in the Linux kernel could allow an unprivileged local user to write to pages in the page cache backed by read-only files and escalate privileges on the system. This module creates a new pipe buffer with the PIPE_BUF_FLAG_CAN_MERGE flag, which controls coalescing of writes into a pipe buffer and thus allows for writing to an existing page spliced into the pipe. When a file backs this spliced page, the change is reflected to the shared system-wide view of the file in memory, and any subsequent cache flush will write the manipulated data to disk, ignoring existing Linux permissions settings.
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.
This module exploits a heap overflow in ntfs.sys by calling the "NtQueryEaFile" function with crafted parameters.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
An elevation of privilege vulnerability exists in the way the win32kbase component handles objects in memory.
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out-of-bounds reads and writes in the Linux kernel and, therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf: Fix a verifier failure with xor") (5.10-rc1).
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center exposes functionality that allows low-privileged users to interact with the device and exploit a stack buffer overflow via specially crafted IOCTL requests and elevate system privileges.