5907 matches found
VulnCheck KEV: CVE-2014-4076
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."...
CVE-2016-6492
The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL call...
Google Details Linux Kernel Defenses, New and Old
Developers with Android’s Security Team peeled back some of the layers on the mobile operating system this week, describing the lengths Google goes to in order to protect the Linux kernel. In a post to Google’s Security Blog, Jeff Vander Stoep clarified several mitigations slated for inclusion in Nougat, the...
kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either...
CVE-2016-3748
The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804...
CVE-2016-2502
drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044...
Design/Logic Flaw
The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804...
Code injection
drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044...
Linux kernel race condition vulnerability (CNVD-2016-04558)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A race condition vulnerability exists in the 'sclp_ctl_ioctl_sccb' function in the drivers/s390/char/sclp_ctl.c file in versions of Linux kernel prior to 4.6. A local...
Linux operating system vulnerability that allows an attacker to cause a denial of service or escalate privileges
The Linux operating system contains a vulnerability related to errors in processing system calls. Exploiting this vulnerability allows an attacker to cause a denial of service or escalate privileges when the FDRAWCMD ioctl system call is executed...
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset Local Privilege Escalation
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset Local Privilege Escalation / EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44300.zip Video https://www.youtube.com/watch?v=qchiJn94kTo / / decr.c / / Ubuntu 16.04 local root...
Integer overflow
Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted...
CVE-2012-6703
Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted...
PT-2016-3472 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.6-rc6-next-20120917. Description: The issue is related to an integer overflow in the snd_compr_allocate_buffer function in the ALSA subsystem. This can be exploited by local users via a crafted SNDRV_COMPRESS_S...
Linux kernel buffer overflow vulnerability (CNVD-2016-04392)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the Linux kernel. An attacker can exploit the vulnerability by calling hiddev ioctl with the HIDIOCGUSAGES or HIDIOCSUSAGES commands ...
DEBIAN-CVE-2016-5829
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call...
CVE-2016-5829
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call...