3437 matches found
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4578-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4578-1 advisory. Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free...
F2fs-Tools F2fs.Fsck filesystem checking Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the getdnodeofdata functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this...
kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when...
kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when...
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
...
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown or otherwise rendered inaccessible until it is remounted leading to a denial of service. The highest threat from this vulnerability is to system availability.
...
Denial Of Service (DoS)
linux is vulnerable to denial of service DoS. The vulnerability exists as aufs improperly managed inode reference counts in the vfsubdentryopen method...
DEBIAN-CVE-2020-14385
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is...
CVE-2020-14385
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is...
UBUNTU-CVE-2020-14385
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is...
openSUSE Security Update : the Linux Kernel (openSUSE-2020-1382)
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2020-14314: Fixed potential negative array index in dosplit in ext4 bsc1173798. - CVE-2020-14386: Fixed an overflow in afpacket, which could lead to local privilege...
PT-2020-3946 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.9-rc4 Description: A flaw in the Linux kernel's XFS file system can cause a denial of service. The issue arises from a failure of the file system metadata validator, which can incorrectly flag an inode with a...
LSN-0070-1: Kernel Live Patch Security Notice
Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsubdentryopen method. A local attacker could use this vulnerability to cause a denial of service. CVE-2020-11935...
LSN-0070-1 Kernel Live Patch Security Notice
Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsubdentryopen method. A local attacker could use this vulnerability to cause a denial of service. CVE-2020-11935...
grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...
grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...
grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...
grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...
DEBIAN-CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...
ALPINE-CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...