408 matches found
The vulnerability of the `megasas_mmio_write` function in the QEMU hardware emulation software allows a hacker to exert unpredictable effects.
The vulnerability of the `megasas_mmio_write` function in the QEMU hardware emulation software is caused by a buffer overflow. Exploiting this vulnerability allows a remote attacker to exert unpredictable effects using unknown vectors...
kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c
It was found that the Linux kernel can hit a BUG_ON() statement in __xfs_get_blocks() in fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O (associated with a hole in a file) that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacke...
Linux Kernel SO_SNDBUFFORCE / SO_RCVBUFFORCE Local Privilege Escalation
// CAP_NET_ADMIN -> root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 3.11 - 4.8 // Tested in QEMU only // https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793 // // Usage: // gcc -pthread exploit.c -o exploit // chown guest:guest exploit...
DEBIAN-CVE-2017-7995
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL...
ARM guests may induce host asynchronous abort
ISSUE DESCRIPTION: Depending on how the hardware and firmware have been integrated, guest-triggered asynchronous aborts (SError) on ARMv8 may be received by the hypervisor. The current action is to crash the host. A guest might trigger an asynchronous abort when accessing memory-mapped hardware in a...
CVE-2016-3757
The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237...
Code injection
The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237...
UBUNTU-CVE-2016-3757
The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237...
kernel: kvm: reporting emulation failures to userspace
It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or an L2-L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain...
Linux ASLR vulnerability: attackers can disable ASLR with "unlimited" (CVE-2016-3672) - vulnerability warning - the black bar safety net
Recently, security personnel fixed a relatively old vulnerability in Linux ASLR: on x86 devices, any user with permission to run 32-bit applications can disable ASLR by setting the RLIMIT_STACK resource to "unlimited". The vulnerability's CVE number is CVE-2016-3672, the CNNVD number of...
The vulnerability of Xen hypervisors, which allows a malicious actor to trigger a service failure
The vulnerability of Xen hypervisors exists due to insufficient checking of input data. Exploiting this vulnerability can allow a local attacker to trigger a service failure (host reboot) by manipulating numerous MMIO pages with various cache settings...
DEBIAN-CVE-2016-2270
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings...
CentOS 7 : kernel (CESA-2015:2552)
Updated kernel packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detail...
RedHat Update for kernel RHSA-2015:2552-01
The remote host is missing an update for the...
kernel: kvm: noncanonical rip after emulation
A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls). A guest user with access to an I/O or MMIO region could use this flaw to crash the guest...
USN-2777-1: Linux kernel (Utopic HWE) vulnerabilities
It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) Benjamin Randazzo...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2777-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2777-1 advisory. It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker...