1524 matches found

RedHat Linux
added 2016/11/03 8:6 a.m. | 3 views

kernel: incorrect restoration of machine specific registers from userspace

A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state...

CVSS 5.5 | AI score 7 | EPSS 0.00389
Exploits: 0 | References: 4
RedHat Linux
added 2016/11/03 8:6 a.m. | 3 views

kernel: incorrect restoration of machine specific registers from userspace

A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state...

CVSS 5.5 | AI score 7 | EPSS 0.00396
Exploits: 0 | References: 4
exploitpack
added 2016/10/31 12:0 a.m. | 24 views

NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace

NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=892 The handler for the DxgkDdiEscape escape code 0x70000D4 has the following pseudocode: void fastcall escape70000D4NvMiniportDeviceContext...

AI score 7.5
Exploits: 0
Exploit DB
added 2016/10/31 12:0 a.m. | 31 views

NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=892 The handler for the DxgkDdiEscape escape code 0x70000D4 has the following pseudocode: void fastcall escape70000D4NvMiniportDeviceContext a1, NvEscapeData a2 Escape70000D4 escapedata; // rbx@1 PVOID allocbuf; // rsi@1 unsigned i...

AI score 7.4
Exploits: 0
OpenVAS
added 2016/07/13 12:0 a.m. | 34 views

RedHat Update for kernel RHSA-2016:1406-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.9 | EPSS 0.00483
Exploits: 0 | References: 2
RedhatCVE
added 2016/07/07 9:48 a.m. | 26 views

CVE-2016-6156

A timing flaw was found in the Chrome EC driver in the Linux kernel. An attacker could abuse timing to skip validation checks to copy additional data from userspace possibly increasing privilege or crashing the system...

CVSS 5.3 | AI score 5.8 | EPSS 0.00274
Exploits: 0 | References: 1
CNVD
added 2016/07/06 12:0 a.m. | 4 views

Linux kernel Linux-4.6/drivers/platform/chrome/cros_ec_dev.c buffer overflow vulnerability

The Linux Kernel is the kernel of the Linux operating system. A buffer overflow vulnerability exists in the Linux kernel 4.6 and earlier, in the Linux-4.6/drivers/platform/chrome/cros_ec_dev.c implementation. A buffer overflow can be caused by a remote user utilizing constructed userspace data...

CVSS 5.1 | AI score 7.8 | EPSS 0.00274
Exploits: 0 | References: 1
Tenable Nessus
added 2016/06/24 12:0 a.m. | 142 views

RHEL 7 : kernel (RHSA-2016:1277)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.8 | AI score 6.4 | EPSS 0.00483
Exploits: 0 | References: 5
RedHat Linux
added 2016/06/23 4:15 p.m. | 3 views

kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a system with either...

CVSS 7.8 | AI score 6.8 | EPSS 0.00483
Exploits: 0 | References: 4
exploitpack
added 2016/06/10 12:0 a.m. | 12 views

Apple Mac OSX Kernel - NULL Dereference in IOAccelSharedUserClient2::page_off_resource

Apple Mac OSX Kernel - NULL Dereference in IOAccelSharedUserClient2::page_off_resource. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=778 IOAccelerator external method IOAccelSharedUserClient2::page_off_resource uses the pointer at this+0x100 without checking if it's NULL. A seri...

AI score 0.4
Exploits: 0
Exploit DB
added 2016/06/10 12:0 a.m. | 34 views

Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=783 The method AppleGraphicsControlClient::checkArguments does actually appear to test whether the pointer at this+0xd8 is non-null, but uses it anyway : We can race external methods which call this with another thread calling...

AI score 7
Exploits: 0
Exploit DB
added 2016/06/10 12:0 a.m. | 22 views

Apple Mac OSX Kernel - Null Pointer Dereference in AppleGraphicsDeviceControl

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=782 AppleGraphicsDeviceControlClient doesn't check that its pointer to its IOService at this+0xd8 is non-null before using it in all external methods. We can set this pointer to NULL by racing two threads, one of which calls...

AI score 7.4
Exploits: 0
CNVD
added 2016/06/08 12:0 a.m. | 0 views

CRIU Privilege Acquisition Vulnerability

CRIU (Checkpoint/Restore In Userspace) is a set of Linux userspace tools that implement checkpoint/restore functionality for freezing and restoring running software. The tool supports freezing or partially freezing the execution of an application and saving its executi...

CVSS 7.8 | AI score 6.9 | EPSS 0.00386
Exploits: 0 | References: 1
RedhatCVE
added 2016/05/13 9:48 a.m. | 32 views

CVE-2014-8181

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for the SG_IO buffer, which may leak sensitive information to userspace...

CVSS 5.5 | AI score 2.5 | EPSS 0.00359
Exploits: 0 | References: 1
RedHat Linux
added 2016/05/10 6:43 p.m. | 1 view

kernel: kvm: reporting emulation failures to userspace

It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or an L2-L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain...

CVSS 4.9 | AI score 6.6 | EPSS 0.00374
Exploits: 0 | References: 4
RedHat Linux
added 2016/05/10 6:43 p.m. | 3 views

kernel: kvm: reporting emulation failures to userspace

It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or an L2-L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain...

CVSS 4.9 | AI score 6.6 | EPSS 0.00374
Exploits: 0 | References: 4
FreeBSD
added 2016/03/16 12:0 a.m. | 21 views

openafs -- multiple vulnerabilities

The OpenAFS development team reports: Foreign users can bypass access controls to create groups as system:administrators, including in the user namespace and the system: namespace. The contents of uninitialized memory are sent on the wire when clients perform certain RPCs. Depending on the RPC, t...

AI score 3.3
Exploits: 0 | References: 2
Tenable Nessus
added 2016/02/29 12:0 a.m. | 34 views

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) regression (USN-2910-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2910-2 advisory. USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics...

AI score 5.6
Exploits: 0 | References: 1
Cloud Foundry
added 2016/02/26 12:0 a.m. | 45 views

USN-2910-1 Linux kernel vulnerability | Cloud Foundry

USN-2910-1 Linux kernel vulnerability | High | Vendor: Ubuntu | Versions Affected: Ubuntu 14.04 | Description: halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges...

CVSS 7.8 | AI score 7 | EPSS 0.0123
Exploits: 4
Ubuntu
added 2016/02/22 8:41 p.m. | 78 views

USN-2908-3: Linux kernel (Raspberry Pi 2) vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

CVSS 7.8 | AI score 7.2 | EPSS 0.01061
Exploits: 4