Vulnerabilities discovered by LLM Project

Introduction:

• In this advisory, we have listed vulnerabilities discovered using our LLM-powered 0-Day vulnerability analysis tool under development.

• We strive to leverage the power of LLM to protect against emerging threats.

• It is not yet perfect, but we are continuously improving it.

Reported

• Apple . Out-Of-Bounds ACCESS . 2024-12-11
• Apple . Out-Of-Bounds ACCESS . 2024-12-11
• Linux -> ZDI . Out-Of-Bounds READ . 2024-12-13
• Linux -> ZDI . Out-Of-Bounds WRITE . 2024-12-13
• Microsoft . Improper Access Control . 2024-12-24
• Google . Buffer Overflow . 2024-12-28
• Google . Buffer Overflow . 2024-12-28
• Apple . Buffer Overflow . 2024-12-28
• Apple . Buffer Overflow . 2024-12-28

Released

• Google . Chromium . Out-Of-Bounds ACCESS . Issue 370177590
• Mozilla . Firefox . Out-Of-Bounds WRITE . CVE-2024-11691

Undergoing Analysis (Validation)

• We are currently organizing and categorizing validation and details for a huge number of bugs.
• The bugs we are analyzing are in products developed by the following vendors:
  • Google, Apple, Microsoft, Mozilla, Linux, Samsung

Conclusion:

• Our project is ongoing in the following labs:
  • USELab, Korea University
• Contact:
  • pwnable@korea.ac.kr

Contributor:

• Dohyun Lee (@l33d0hyun) of USELab, Korea University
• Youngho Choi of CEL, Korea University
• Prof. Geumhwan Cho of USELab, Korea University