Linux kernel information disclosure vulnerability (CNVD-2018-00244)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. An information disclosure vulnerability exists in 4.14.4 and earlier versions of the Linux kernel. The vulnerability...
CVE-2017-17450
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces...
UBUNTU-CVE-2017-17449
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN...
UBUNTU-CVE-2017-17448
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces...
CVE-2017-17448
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces...
ZEIT Next.js Directory Traversal Vulnerability
Next.js is a minimalist server-side rendering framework for React applications. A directory traversal vulnerability exists in ZEIT Next.js versions prior to 2.4.1 under the /next and /static request namespaces. An attacker can exploit this vulnerability to obtain sensitive information...
EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1256)
According to the version of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in...
kernel: Exploitable memory corruption due to UFO to non-UFO path switch
An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privilege...
kernel: Exploitable memory corruption due to UFO to non-UFO path switch
An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privilege...
CVE-2017-1000111
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution...
DEBIAN-CVE-2017-1000111
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution...
CVE-2017-1000111
CVE-2017-1000111 describes a heap/out-of-bounds race in the Linux kernel’s AF_PACKET socket handling (packet_set_ring) that can be exploited by a local user possessing CAP_NET_RAW to elevate privileges. The issue arises when a socket option changes socket state and races with safety checks; the r...
MGASA-2017-0279 Updated kernel packages fixes security and other bugs
This kernel update is based on upstream 4.4.82 and fixes at least the following security issues: The curseg->segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to code...
UBUNTU-CVE-2017-1000111
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution...
PT-2017-3105 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a heap out-of-bounds condition in AF_PACKET sockets, similar to a previously disclosed problem. It involves a race condition between a socket option that change...
SUSE-SU-2017:2094-1 Security update for Linux Kernel Live Patch 15 for SLE 12 SP1
This update for the Linux Kernel 3.12.74-606440 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege bsc1050751. - CVE-2017-9242: The ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too...
kernel: Overflowing kernel mount table using shared bind mount
It was found that in the Linux kernel the mount table expands by a power-of-two with each bind mount command. If a system is configured to allow non-privileged users to do bind mounts, or allows them to do so in a container or unprivileged mount namespace, then a non-privileged user is able to cause a local...
CVE-2017-7517
An input validation vulnerability exists in OpenShift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject" and then later deletes it, another user can then create a project called "MyProject" and access...
kernel: Local privilege escalation in XFRM framework (CVE-2017-7184)
A security issue was reported by ZDI, on behalf of Chaitin Security Research Lab, against the Linux kernel in Ubuntu. It also affected the upstream kernel. Chaitin Security Research Lab discovered that xfrm_replay_verify_len, as called by xfrm_new_ae, did not verify that the user-specified replay_windo...
Ubuntu 15.10 AUFS - allow_userns Fuse/Xattr User Namespaces Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits Source: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/ Introduction Problem description: Aufs is a union filesystem to mix content of different underlying filesystems, e.g. read-only medium with r/w RAM-fs. That ...