141 matches found
openSUSE Security Update : samba (openSUSE-2019-1292)
This update for samba fixes the following issues : Security issue fixed : - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share bsc1131060. Non-security issues fixed : - Fix vfsceph ftruncate and fallocate handling...
Linux Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Exploit
Exploit for linux platform in category dos / poc / Note: I am both sending this bug report to email protected and filing it in the Ubuntu bugtracker because I can't tell whether this counts as a kernel bug or as a Ubuntu bug. You may wish to talk to each other to determine the best place to fix...
Linux #Ubuntu Coredump Reading Access Bypass Vulnerability
Linux/Ubuntu suffers from a vulnerability where other users' coredumps can be read via a setgid directory and killpriv bypass. Linux/Ubuntu: other users' coredumps can be read via setgid directory and killpriv bypass Note: I am both sending this bug report to email protected and filing it in the...
DEBIAN-CVE-2017-18257
The getdatablock function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow and loop via crafted use of the open and fallocate system calls with an FSIOCFIEMAP ioctl...
Integer overflow
The getdatablock function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow and loop via crafted use of the open and fallocate system calls with an FSIOCFIEMAP ioctl...
CVE-2017-18257
CVE-2017-18257 affects the Linux kernel: the __get_data_block function in fs/f2fs/data.c (before 4.11) can be triggered by crafted open and fallocate calls via an FS_IOC_FIEMAP ioctl, causing local denial of service (integer overflow and loop). Public advisories from Unity Linux, Ubuntu USN-3696-...
CVE-2017-18257
The getdatablock function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow and loop via crafted use of the open and fallocate system calls with an FSIOCFIEMAP ioctl...
kernel: ext4 filesystem page fault race condition with fallocate call.
A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space...
kernel: ext4 filesystem page fault race condition with fallocate call.
A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space...
kernel: ext4 filesystem page fault race condition with fallocate call.
A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space...
Virtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0307)
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Design/Logic Flaw
The ext4zerorange function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service BUG via a crafted fallocate zero-range request...
DEBIAN-CVE-2015-0275
The ext4zerorange function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service BUG via a crafted fallocate zero-range request...
CVE-2015-0275
The ext4zerorange function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service BUG via a crafted fallocate zero-range request...
CVE-2015-0275
The ext4zerorange function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service BUG via a crafted fallocate zero-range request...
CVE-2015-0275
CVE-2015-0275 affects the Linux kernel ext4 subsystem: the ext4_zero_range function in fs/ext4/extents.c allows local users to trigger a denial of service via a crafted fallocate zero-range request. The linked MiracleLinux/Unity Linux Nessus entries reproduce this: the vulnerability is described ...
kernel: fs: ext4: fallocate zero range page size > block size BUG()
A flaw was found in the way the Linux kernel's ext4 file system handled the "page size block size" condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system...
kernel: fs: ext4: fallocate zero range page size > block size BUG()
A flaw was found in the way the Linux kernel's ext4 file system handled the "page size block size" condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system...
Important: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, whic...
kernel: fs: ext4: fallocate zero range page size > block size BUG()
A flaw was found in the way the Linux kernel's ext4 file system handled the "page size block size" condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system...