kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ
A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation (CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value...
Linux Kernel 4.14.rc3 - Local Denial of Service
Linux Kernel 4.14.rc3 - Local Denial of Service / Exploit Title: Linux Kernelnrfrags was overwritten by ev->iferror = err 0xff in the condition where nlh->nlmsg_len==0x10 and skb->len nlh->nlmsg_len. POC: / #include #include #include #include #include #define NETLINK_USER 31 #define MAX_PAYLOAD 1024 /* maximum...
Security Apps Fail to Detect Malware Threats Due to Windows Kernel Bug
By Waqas. According to security researchers, there is a decade old bug... This is a post from HackRead.com.
kernel: net: IPv6 DCCP implementation mishandles inheritance
The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memo...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2060-1)
This update for the Linux Kernel 3.12.62-6062 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remot...
kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c
It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit a BUG() statement in the tcp_collapse() function after making a number of certain syscalls, leading to a possible system crash...
initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection
In the May 2017 Android Security Bulletin, Google released a patch to a critical and unique vulnerability (CVE-2016-10277) in the Nexus 6 bootloader we had found and responsibly disclosed. By exploiting the vulnerability, a physical adversary or one with authorized-ADB/fastboot USB access to the...
CVE-2017-8831
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch"...
RunC Exec Vulnerability | Cloud Foundry
Medium. Vendor: Open Containers Initiative. Description: RunC allowed additional container processes via runc exec to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the...
DEBIAN-CVE-2016-8660
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."...
Moderate: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
glibc security, bug fix, and enhancement update
2.17-105.0.1 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. 2.17-105 - Fix up test case for initial-exec fix (#1248208). 2.17-104 - Mark all TLS variables i...
DSA-3237-1 linux - security update
Bulletin has no description...
Apple Yosemite 10.10.3 OS Security Patches
Apple on Wednesday released close to 80 security updates for OS X, including remote code execution vulnerabilities in a dozen components that were patched in Yosemite 10.10.3. The OS X update was released the same day as an extensive update in iOS 8.3 that patched three dozen code execution and...
Apple iOS setreuid and setregid call elevation of privilege vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in the Apple iOS kernel setreuid and setregid calls, due to the Apple iOS kernel failing to properly drop privileges. A local attacker can exploit the vulnerability to elevate...
Android Futex Requeue Kernel Exploit
This Metasploit module exploits a bug in futex_requeue in the Linux kernel. Any Android phone with a kernel built before June 2014 should be vulnerable. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web sit...
Linux Kernel 2.6.x - IPv6_SockGlue.c NULL Pointer Dereference Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23142/info The Linux kernel is prone to a NULL-pointer dereference vulnerability. A local attacker can exploit this issue to crash the affected application, denying service to legitimate users. The attacker may also be ab...
CVE-2014-1766
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure...
Memory corruption
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure...
Kernel: perf/x86: offcore_rsp valid mask for SNB/IVB
arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit...