Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Calls boot services in mixed mode on the firmware’s stack Normally, the EFI stub calls into EFI boot services using the stack that was active when the stub was invoked. According to the UEFI specification, this stack...

x86/efistub: Call mixed mode boot services on the firmware's stack

...

SUSE CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

CVE-2024-35803

A security vulnerability was identified in the Linux kernel's EFI Extensible Firmware Interface stub, specifically affecting systems operating in mixed-mode environments. The issue arises from the EFI stub's handling of boot services, which can lead to stack overflows and potential system...

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

DEBIAN-CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

UBUNTU-CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

CVE-2024-35803

CVE-2024-35803 affects the Linux kernel, specifically the x86 efistub in mixed-mode boot handling. The root cause is that EFI boot service calls were made using the decompressor’s 16k boot stack during 32‑bit firmware entry paths, while EFI boot services require a larger (128k) stack. This mismat...

CVE-2024-35803 x86/efistub: Call mixed mode boot services on the firmware's stack

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

CVE-2024-35803 x86/efistub: Call mixed mode boot services on the firmware's stack

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

PT-2024-26747

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel's EFI stub, which calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stac...

GSD-2022-1004370 efi/x86: use naked RET on mixed mode call wrapper

efi/x86: use naked RET on mixed mode call wrapper This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.57 by commit...

GSD-2022-1004148 efi/x86: use naked RET on mixed mode call wrapper

efi/x86: use naked RET on mixed mode call wrapper This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.14 by commit...

Oracle Auditing Part 3: Unified Auditing

This is the third, and last, article on the topic of Oracle auditing. It is relevant to Oracle 12c only. With Unified Auditing, Oracle simplified the task of auditing activities in a modern database environment, and rather than having to learn multiple methods, patterns, and techniques for both...

Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::Remote::HttpClient include...

Description of the Office Online update: April 12, 2011

Description of the Office Online update: April 12, 2011 INTRODUCTION Microsoft has released an update for Microsoft Office Online. This update provides the latest fixes for Office Online. Additionally, this update contains stability and performance improvements. This article describes a critical...

Telerik UI - Remote Code Execution via Insecure Deserialization

See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of vulnerability and exploit details for this issue along with patching instructions. Install git clone...

Telerik UI - Remote Code Execution via Insecure Deserialization Exploit

Exploit for asp platform in category web applications Telerik UI - Remote Code Execution via Insecure Deserialization Exploit See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of...