PT-2025-26145 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A Use After Free bug was found in the compute effective progs function. The issue occurs when a fault is injected into an allocation failure while calling bpf link detach on a number o...

PYSEC-2020-331

In Tensorflow before version 2.4.0, when the boxes argument of tf.image.cropandresize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is...

Google, Intel Warn on 'Zero-Click' Kernel Bug in Linux-Based IoT Devices

Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things IoT devices. Click to Register! According to Google, the vulnerability affects users of Linux kernel...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...

kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.

A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.

A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per...

kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.

A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per...

CVE-2019-19536

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peakusb/pcanusbpro.c driver, aka CID-ead16e53c2f0...

CVE-2019-19527

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e...

In-the-wild iOS Exploit Chain 4

Posted by Ian Beer, Project Zero TL;DR This exploit chain supported iOS 12-12.1, although the two vulnerabilities were unpatched when we discovered the chain in the wild. It was these two vulnerabilities which we reported to Apple with a 7-day deadline, leading to the release of iOS 12.1.4. The...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2019-12817

arch/powerpc/mm/mmucontextbook3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected...

DEBIAN-CVE-2019-12382

An issue was discovered in drmloadedidfirmware in drivers/gpu/drm/drmedidload.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service NULL pointer dereference and system crash. NOTE: The vendor disputes this issues as...

kernel: memory leak when merging buffers in SCSI IO vectors

It was found that in the Linux kernel through v4.14-rc5, biomapuseriov and biounmapuser in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bioaddpcpage merges them into one, but the page reference is never dropped, causing a...

Deja-XNU

Posted by Ian Beer, Google Project Zero This blog post revisits an old bug found by Pangu Team and combines it with a new, albeit very similar issue I recently found to try to build a "perfect" exploit for iOS 7.1.2. State of the art An idea I've wanted to play with for a while is to revisit old...

Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler

There is a missing address check in both showopcodes callers. showopcodes is mostly used by the kernel to print the raw instruction bytes surrounding an instruction that generated an unexpected exception; however, sometimes it is also used to print userspace instructions. Because the userspace...

Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass

Linux Ubuntu - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass / Note: I am both sending this bug report to [email protected] and filing it in the Ubuntu bugtracker because I can't tell whether this counts as a kernel bug or as a Ubuntu bug. You may wish to talk to ea...

File-Level Restore - FUSE mount is not supported on kernel versions 4.0.0-4.1.33

This issue is related to a known kernel bug and affects any version of Veeam Agent for Linux. Challenge When performing guest file recovery from a backup of a machine running Linux Kernel versions 4.0.0 through 4.1.33, the restore fails to mount with the error: FUSE mount is not supported on kern...

kernel: vfs: BUG in truncate_inode_pages_range() and fuse client

A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary...