89 matches found
kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results
If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmfwowlndresults function. This vulnerability can be exploited by compromised...
Amazon Linux AMI : kernel (ALAS-2019-1214)
A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create...
Amazon Linux 2 : kernel (ALAS-2019-1214)
A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create...
Impact of 62 million devices: the interpretation I is how to find the Marvell Avastar Wi-Fi remote code execution vulnerability-vulnerability warning-the black bar safety net
One, overview In the present study, I will mainly analyze the Marvell WiFi-FullMAC SoC security. Since we have not yet completed the product with a chip of a wireless device of research, and therefore which may contain large amounts of unaudited code, which might appear serious security problems...
USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3419-2)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3419-2 advisory. USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement H...
Ubuntu: Security Advisory (USN-3419-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-3419-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3419-2 linux-hwe vulnerabilities
USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel wh...
USN-3419-2: Linux kernel (HWE) vulnerabilities
USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel wh...
USN-3419-1: Linux kernel vulnerabilities
It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2017-1000251 It was discovered that a buffer overflow existed in t...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3405-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3405-1 advisory. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use...
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3405-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3405-2 advisory. USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...
USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message que...
USN-3405-1: Linux kernel vulnerabilities
It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-11176 Huang Weller discovered that the ext4 filesyste...
USN-3405-1 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-11176 Huang Weller discovered that the ext4 filesyste...
Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)
Posted by Gal Beniamini, Project Zero In this blog post we'll continue our journey into gaining remote kernel code execution, by means of Wi-Fi communication alone. Having previously developed a remote code execution exploit giving us control over Broadcom’s Wi-Fi SoC, we are now left with the ta...
Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)
Posted by Gal Beniamini, Project Zero It’s a well understood fact that platform security is an integral part of the security of complex systems. For mobile devices, this statement rings even truer; modern mobile platforms include multiple processing units, all elaborately communicating with one...
USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
USN-3146-2: Linux kernel Xenial HWE vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the getuserasmex implementation in the Linux kernel for x86/x8664 contained extended asm statements that were incompatible with the...
Ubuntu 16.04 LTS : Linux kernel (Raspberry Pi 2) vulnerabilities (USN-3161-3)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3161-3 advisory. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to...