491 matches found
Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
A flaw was found in the Linux kernel, where it allows userspace processes (for example, a guest VM) to directly access hardware devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the...
Unspecified vulnerability in Linux kernel (CNVD-2020-33497)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the U.S. VFIO PCI driver is one of the VFIO PCI drivers. A security vulnerability exists in the VFIO PCI driver in Linux kernel 5.6.13 and earlier versions. An attacker can exploit the...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibl...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or...
CVE-2019-6256
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmdTunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request...
kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ
A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation (CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 4.4.105 and fixes at least the following security issues: A security flaw was discovered in nl80211_set_rekey_data function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...
kernel: State machine confusion bug in vfio driver leading to memory corruption
A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution...
Firefox 50.0.2 use-after-free vulnerability analysis (CVE-2016-9899) - vulnerability warning - the black bar safety net
Author: k0shl. When reprinting, please indicate the source. Author blog: http://whereisk0shl.top Preface: The Little New Year has passed and the New Year is on its way, so I wish you all an early Happy New Year! Haven't come across such a use-after-free vulnerability, whose cause is a very classic...
PT-2016-7647 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.8.11. Description: The issue allows local users to bypass integer overflow checks, potentially causing a denial of service (memory corruption) or having unspecified other impact. This is achieved by leveraging...
Linux Kernel Vfio Driver Integer Overflow Vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An integer overflow vulnerability exists in the Linux Kernel Vfio Driver. An attacker can exploit this vulnerability to execute arbitrary code. A failed exploit could result i...
Apple Mac OSX Kernel - Null Pointer Dereference in IOAudioEngine
Apple Mac OSX Kernel - Null Pointer Dereference in IOAudioEngine / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=776 IOAudioEngineUserClient::closeClient sets the audioEngine member pointer to NULL IOReturn IOAudioEngineUserClient::closeClient audioDebugIOLog3, "+...
MS15-058: Vulnerabilities in SQL Server could allow remote code execution: July 14, 2015
Resolves vulnerabilities in SQL Server that could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address. This leads to a function call to uninitialized memory. Introduction: This update resolves...
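Mozilla Firefox 3.6.16 mChannel Use-After-Free Vulnerability
Vulnerability analysis: This vulnerability arises because, when xul.dll in Mozilla Firefox handles the mChannel tag, the mChannel object is created in OnChannelRedirect and then freed by a subsequent call to Release, but the pointer is not marked after the object is freed. As a result, when the mChannel tag is referenced in a later call, the pointer has already been freed, so the call address is unreadable, which triggers the vulnerability. The vulnerability is analyzed in detail below. First, open the PoC; Firefox crashes. Attach a debugger to reach the crash site. 858.85c: Access violation - code c0000005 first chance First chance exceptions a...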
CA ARCserve Backup Authentication service invalid virtual function call
Added: 11/09/2012. CVE: CVE-2012-2971. BID: 56116. OSVDB: 86416. Background: CA ARCserve Backup (formerly BrightStor ARCserve Backup) is a backup and recovery solution. Problem: An invalid virtual function call in the authentication service allows remote attackers to execute arbitrary commands. Resolutio...
Remote code execution
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."...