14 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002899)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002899 advisory. The killsomethinginfo function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to...
SUSE CVE-2017-7558
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic...
Linux Kernel 4.13 - compat_get_timex() Leak kernel pointer Exploit
Linux Kernel 4.13 - compatgettimex Leak kernel pointer Exploit define GNUSOURCE define BSDSOURCE include include include include include include include include include include include include include include include include include include // Ubuntu 4.13.0-16-generic // gcc -o poc poc.c -m32...
Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer
define GNUSOURCE define BSDSOURCE include include include include include include include include include include include include include include include include include include // Ubuntu 4.13.0-16-generic // gcc -o poc poc.c -m32 struct timex time; int mainint argc, char argv int r; unsigned lon...
Linux Kernel 4.13 compat_get_timex() Kernel Pointer Leak
define GNUSOURCE define BSDSOURCE include include include include include include include include include include include include include include include include include include // Ubuntu 4.13.0-16-generic // gcc -o poc poc.c -m32 struct timex time; int mainint argc, char argv int r; unsigned lon...
glibc security, bug fix, and enhancement update
2.17-222 - Restore internal GLIBCPRIVATE symbols for use during upgrades 1523119 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow 1534635 - i386: Fix unwinding for 32-bit C++ application 1529982 - Reduce thread and dynamic loader stack usage 1527904 - x86-64: Use XSAVE/XSAVEC more often...
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
/ disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and caculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define MMAPMINADDR 0x1101de8 define DACMMAPMINADDR 0xe8e810 / get...
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
Linux Kernel 4.13 Debian 9 - Local Privilege Escalation / disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and caculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define...
Linux Kernel 4.13 (Ubuntu 17.10) - waitid() SMEP/SMAP Privilege Escalation Exploit
This is a proof of concept exploit for the waitid bug introduced in version 4.13 of the Linux kernel. It can be used to break out of sandboxes such as that in Google Chrome. // Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This...
Linux Kernel 4.13 (Ubuntu 17.10) - waitid() SMEPSMAPChrome Sandbox Privilege Escalation
Linux Kernel 4.13 Ubuntu 17.10 - waitid SMEPSMAPChrome Sandbox Privilege Escalation // Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In thi...
Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...
Playing with kernel TLS in Linux 4.13 and Go
Linux 4.13 introduces support for nothing less than... TLS! The 1600 LoC patch allows userspace to pass the kernel the encryption keys for an established connection, making encryption happen transparently inside the kernel. The only ciphersuite supported is AES-128-GCM as per RFC 5288, meaning it...
CVE-2017-13686
net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTMFFIBMATCH is set, which allows local users to cause a denial of service NULL pointer dereference or possibly have unspecified other impact via crafted system calls. NOTE: this does not...
PT-2017-3603 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13 Description: The issue is related to the hns enet.c component in the Linux kernel, specifically with the use of memory after it has been freed. This can be exploited by local users to cause a denial of...