CVE-2016-10723
An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator e.g., via concurrent page fault...
UBUNTU-CVE-2016-10723
An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator e.g., via concurrent page fault...
DEBIAN-CVE-2016-10723
An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator e.g., via concurrent page fault...
CVE-2016-10723
CVE-2016-10723 affects the Linux kernel up to version 4.17.2. The issue is in the page allocator: it does not yield CPU resources to the owner of the oom_lock mutex, allowing a local unprivileged user to trap the system in a busy loop by wasting CPU time during oom-killer invocation. The root cau...
procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues
A flaw was found where procps-ng provides wrappers for standard C allocators that took unsigned int instead of size_t parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowe...
Linux - mincore() Uninitialized Kernel Heap Page Disclosure Exploit
Linux mincore() discloses uninitialized kernel heap pages. When walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range passed to walk_page_range(), and when...
Linux Kernel - mincore() Uninitialized Kernel Heap Page Disclosure
Linux Kernel - mincore() Uninitialized Kernel Heap Page Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 I found the following bug with an AFL-based fuzzer: When walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for...
chromium-browser: memory lifecycle issue in pdfium
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file...
grant_table: Race conditions with maptrack free list handling
ISSUE DESCRIPTION: The grant table code in Xen has a bespoke semi-lockfree allocator for recording grant mappings ("maptrack" entries). This allocator has a race which allows the free list to be corrupted. Specifically: the code for removing an entry from the free list, prior to use, assumes without...
dlplibs: Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
Detailed report: https://oss-fuzz.com/testcase?key=6258184752726016 Project: dlplibs Fuzzer: libFuzzer_dlplibs_zmffuzzer Fuzz target binary: zmffuzzer Job Type: libfuzzer_asan_dlplibs Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash Address: 0x615000000741 Crash State:...
UBUNTU-CVE-2017-5546
The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a...
SUSE-SU-2017:0379-1 Security update for gcc48
This update for gcc48 to version 4.8.5 fixes several issues. This security issue was fixed: - CVE-2015-5276: The std::random_device class in libstdc++ did not properly handle short reads from blocking sources, which made it easier for context-dependent attackers to predict the random values via...
RHEL 6 : kernel-rt (RHSA-2017:0113)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0113 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
Linux af_packet.c race condition (local root) (CVE-2016-8655)
To create AF_PACKET sockets you need CAP_NET_RAW in your network namespace, which can be acquired by unprivileged processes on systems where unprivileged namespaces are enabled (Ubuntu, Fedora, etc.). It can be triggered from within containers to compromise the host kernel. On Android, processes with...
PT-2016-3456 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.17.2 Description: The issue is related to the Linux kernel's page allocator not yielding CPU resources to the owner of the oom lock mutex. This can allow a local unprivileged user to lock up the system forever ...
Fedora 24 : curl (2016-e8e8cdb4ed)
- fix cookie injection for other servers (CVE-2016-8615) - compare user/passwd case-sensitively while reusing connections (CVE-2016-8616) - base64: check for integer overflow on large input (CVE-2016-8617) - fix double-free in krb5 code (CVE-2016-8619) - fix double-free in curl_maprintf() (CVE-2016-8618) - fix...
PHP 7 is due: the deserialization vulnerability case studies and analysis of on-vulnerability warning-the black bar safety net
1. Vulnerability history. For hackers, being able to exploit a server-side error is the equivalent of hitting the jackpot. Because users tend to store their data on the server, a hacker who can exploit such an error can direct it at a target and thereby gain greater benefits. PHP scripting...
Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-3053-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3053-1 advisory. A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL...