FreeBSD : FreeBSD-kernel -- ASLR bypass for setuid executables via procctl(2) (7e61007e-6474-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7e61007e-6474-11f1-958d-bc241121aa0a advisory. The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code th...

FreeBSD Security Advisory - FreeBSD-SA-26:30.linux

FreeBSD Security Advisory - The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and...

CVE-2026-7270

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

pagecache-guard 中文文档 A runtime integr...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: exec: Force a single empty string when argv is empty Quoting 1 Ariadne Conill: “In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program. This prevents scenarios...

CVE-2026-7270

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...

CVE-2026-7270

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...

CVE-2026-7270 Local privilege escalation via execve()

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...

EUVD-2026-26353

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...

CVE-2026-7270 Local privilege escalation via execve()

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...

FreeBSD : FreeBSD -- Local privilege escalation via execve() (f528ea29-4434-11f1-bb07-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f528ea29-4434-11f1-bb07-bc241121aa0a advisory. An operator precedence bug in the kernel results in a scenario where a buffer overflow causes...

FreeBSD Security Advisory - FreeBSD-SA-26:13.exec

FreeBSD Security Advisory - An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers...

FreeBSD-SA-26:13.exec

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:13.exec Security Advisory The FreeBSD Project Topic: Local privilege escalation via execve Category: core Module: execve2 Announced: 2026-04-29 Credits: Ryan...

FreeBSD -- Local privilege escalation via execve()

Problem Description: An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. Impact: The bug may be exploitable by an unprivileged user to obtain superuser privileges...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007041)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007041 advisory. In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the...

New-Shellcode-Injection-Exploit

Shellcode Injection Exploit Author Created by 0x5da...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003694)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003694 advisory. In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship,...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003290)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003290 advisory. The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003478 advisory. Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002831)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002831 advisory. The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings the...