87 matches found
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4681-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4681-1 advisory. Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4679-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4679-1 advisory. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose...
kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console...
Debian DLA-2385-1 : linux-4.19 security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2019-3874 Kernel buffers allocated by the SCTP network protocol were not limited by the memory cgroup controller. A local user could potentially us...
Medium: kernel
Issue Overview: A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to...
CVE-2020-8648
A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the Red Hat Product Security criteria...
Console Driver Job Object Process Limit Bypass
The console driver in Windows 8.1 can be used to break out of a process with an active process job limit. Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: Attacker requires too much control in advance for this to be useful. Assessed Attacker Value: 1 Assessed Attacker Value:...
USN-3485-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
Ubuntu: Security Advisory (USN-3485-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3485-3: Linux kernel (AWS) vulnerabilities
It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-15265 Eric Biggers discovered that the key...
USN-3485-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-15265 Eric Biggers discovered that the key...
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3485-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3485-2 advisory. USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...
Mapscrn 2.03 - Local Buffer Overflow Exploit
Exploit for linux platform in category local exploits Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: Mapscrn Part of setfont 2.0.3 The mapscrn command loads a user defined output character mapping table into the console driver. The...
Mapscrn 2.03 - Local Buffer Overflow (PoC)
Mapscrn 2.03 - Local Buffer Overflow PoC Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: Mapscrn Part of setfont 2.0.3 The mapscrn command loads a user defined output character mapping table into the console driver. The console drive...
Mapscrn 2.0.3 Buffer Overflow
Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: Mapscrn Part of setfont 2.0.3 The mapscrn command loads a user defined output character mapping table into the console driver. The console driver may be later put into use user-defined...
Mapscrn 2.03 - Local Buffer Overflow (PoC)
Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: Mapscrn Part of setfont 2.0.3 The mapscrn command loads a user defined output character mapping table into the console driver. The console driver may be later put into use user-defined...
USN-3314-1: Linux kernel vulnerabilities
It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. CVE-2016-9604 It was discovered that a buffer...
Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3314-1)
It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. CVE-2016-9604 Daniel Jiang discovered that a race...
CVE-2017-8067
drivers/char/virtioconsole.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users to cause a denial of service system crash or memory corruption or possibly have unspecified other impact by leveraging use of more than...
USN-3099-1 linux vulnerabilities
Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload GRO processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service system crash. CVE-2016-7039 Marco Grassi discovered a...