kernel: Integer overflow in the alarm_timer_nsleep function
A flaw was found in the alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel. The ktime_add_safe function is not used and an integer overflow can happen causing an alarm not to fire or possibly a denial-of-service if using a large relative timeout...
Announcing the Sixth Annual Flare-On Challenge
The FireEye Labs Advanced Reverse Engineering (FLARE) team is thrilled to announce that the popular Flare-On reverse engineering challenge will return for the sixth straight year. The contest will begin at 8:00 p.m. ET on Aug. 16, 2019. This is a CTF-style challenge for all active and aspiring...
Privilege Escalation
The Linux kernel is vulnerable to privilege escalation. This vulnerability exists in the sound timer code, in the snd_timer_user_read function in the sound/core/timer.c file in the Linux kernel. An unprivileged attacker can exploit the race condition to cause an out-of-bounds access which may lead to a system...
Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer (hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The...
SUSE-SU-2019:0054-2 Security update for systemd
This update for systemd fixes the following issues: Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 (bsc#1120323): Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. Fix security vulnerability...
The vulnerability of the RouterOS operating system, related to errors in the watchdog timer, allows an intruder to reboot the device.
The vulnerability of the RouterOS operating system is related to errors in the watchdog timer’s operation. This vulnerability allows a malicious actor to reboot the vulnerable device remotely...
openSUSE Security Update : the Linux Kernel (openSUSE-2019-769)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is...
Debian: Security Advisory (DLA-1731-1)
The remote host is missing an update for the Debian...
Debian DLA-1715-1 : linux-4.9 security update (Spectre)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18249 A race condition was discovered in the disk space allocator of F2FS. A user with access to an F2FS volume could use this to cause a deni...
[SECURITY] [DLA 1715-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.144-3.1deb8u1 CVE ID : CVE-2017-18249 CVE-2018-1128 CVE-2018-1129 CVE-2018-3639 CVE-2018-5391 CVE-2018-5848 CVE-2018-6554 CVE-2018-12896 CVE-2018-13053 CVE-2018-13096 CVE-2018-13097 CVE-2018-13100 CVE-2018-13406 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612...
Linux Kernel 4.4 (Ubuntu 16.04) - snd_timer_user_ccallback() Kernel Pointer Leak Exploit
Exploit Title: Linux Kernel 4.4 (Ubuntu 16.04) - Leak kernel pointer in snd_timer_user_ccallback() Google Dork: - Date: 2019-03-11 Exploit Author: wally0813 Vendor Homepage: - Software Link: -...
Linux Kernel 4.4 (Ubuntu 16.04) - snd_timer_user_ccallback() Kernel Pointer Leak
Linux Kernel 4.4 (Ubuntu 16.04) - snd_timer_user_ccallback() Kernel Pointer Leak. Exploit Title: Linux Kernel 4.4 (Ubuntu 16.04) - Leak kernel pointer in snd_timer_user_ccallback() Google Dork: - Date...
Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak
Exploit Title: Linux Kernel 4.4 (Ubuntu 16.04) - Leak kernel pointer in snd_timer_user_ccallback() Google Dork: - Date: 2019-03-11 Exploit Author: wally0813 Vendor Homepage: - Software Link: -...
Important: kernel
Issue Overview: A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descript...
SUSE SLES11 Security Update : kvm (SUSE-SU-2019:13962-1)
This update for kvm fixes the following issues : Security issues fixed : CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). CVE-2018-19364: Fixed a use-after-free if the...
SUSE-SU-2019:13962-1 Security update for kvm
This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if...
CVE-2019-7221
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer (hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The...
Information Disclosure
A Linux kernel that is built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE is vulnerable to information disclosure. An out-of-bounds access in the show_timer function in the timer_create syscall implementation in kernel/time/posix-timers.c allows userspace applications to read arbitrary kernel...