CVE-2023-53594 driver core: fix resource leak in device_add()

In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in deviceadd When calling kobjectadd failed in deviceadd, it will call cleanupgluedir to free resource. But in kobjectadd, dev-kobj.parent has been set to NULL. This will cause resource leak. The...

CVE-2022-48998 powerpc/bpf/32: Fix Oops on tail call tests

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf/32: Fix Oops on tail call tests testbpf tail call tests end up as: testbpf: 0 Tail call leaf jited:1 85 PASS testbpf: 1 Tail call 2 jited:1 111 PASS testbpf: 2 Tail call 3 jited:1 145 PASS testbpf: 3 Tail call 4 jited...

CVE-2024-38588

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftracelocation KASAN reports a bug: BUG: KASAN: use-after-free in ftracelocation+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod...

CVE-2024-38588

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftracelocation KASAN reports a bug: BUG: KASAN: use-after-free in ftracelocation+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod...

CVE-2024-38588

Summary of CVE-2024-38588 (Linux kernel) : A use-after-free in ftrace_location was reported by KASAN and fixed. The race occurs when ftrace_location accesses ftrace pages of a module that is being freed during module unloading (ftrace_release_mod). The root cause is a window where ftrace_location...

Docker Privileged Container Kernel Escape Exploit

This Metasploit module performs a container escape onto the host as the daemon user. It takes advantage of the SYSMODULE capability. If that exists and the linux headers are available to compile on the target, then we can escape onto the host. This module requires Metasploit:...

Docker Privileged Container Kernel Escape

This module performs a container escape onto the host as the daemon user. It takes advantage of the SYSMODULE capability. If that exists and the linux headers are available to compile on the target, then we can escape onto the host. Module Options msf use...

Docker Privileged Container Kernel Escape

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker Privileged Container Kernel Escape', 'Description' = %q This module performs a container escape onto the host as the daemon user. It takes...

Xen - Pagetable De-typing Unbounded Recursion

Xen - Pagetable De-typing Unbounded Recursion Xen allows pagetables of the same level to map each other as readonly in PV domains. This is useful if a guest wants to use the self-referential pagetable trick for easy access to pagetables by mapped virtual address. When cleaning up a pagetable afte...

LiME - Linux Memory Extractor

A Loadable Kernel Module LKM which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its interaction between user and kernel space...

insmod.linux.txt

Date: Tue, 30 Mar 1999 22:08:13 -0500 From: Brian Szymanski To: [email protected] Subject: linux insmod bug/security vulnerability Howdy all, Recently I discovered a bug in insmod that would require a lot of time and luck to exploit, but is nonetheless important for systems wanting rock-solid...