6 matches found
CVE-2021-46955
In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds...
CVE-2021-46955 openvswitch: fix stack OOB read while fragmenting IPv4 packets
In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds...
CVE-2021-46954
In the Linux kernel, the following vulnerability has been resolved: net/sched: schfrag: fix stack OOB read while fragmenting IPv4 packets when 'actmirred' tries to fragment IPv4 packets that had been previously re-assembled using 'actct', splats like the following can be observed on kernels built...
CVE-2021-46954 net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets
In the Linux kernel, the following vulnerability has been resolved: net/sched: schfrag: fix stack OOB read while fragmenting IPv4 packets when 'actmirred' tries to fragment IPv4 packets that had been previously re-assembled using 'actct', splats like the following can be observed on kernels built...
Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit
No description provided by source. / hoagieudpsendmsg.c LOCAL LINUX KERNEL ROOT EXPLOIT 2.6.19 - CVE-2009-2698 udpsendmsg bug exploit via output callback function used in dstentry / rtable Bug reported by Tavis Ormandy and Julien Tinnes of the Google Security Team Tested with Debian Etch r0 $ cat...
Linux Kernel < 2.6.19 (Debian 4) - 'udp_sendmsg' Local Privilege Escalation (3)
/ hoagieudpsendmsg.c LOCAL LINUX KERNEL ROOT EXPLOIT include include include include include include include include / this code will be called from NFHOOK via output callback in kernel mode / void setcurrenttaskuidsgidstozero asm"push %eax\n" "movl $0xffffe000, %eax\n"...