33 matches found

OSV
added 2017/10/09 12:0 a.m., 1 view

UBUNTU-CVE-2017-1000255

On Linux running on PowerPC hardware Power8 or later a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception interrupt, and use the r1 value from the signal frame as the kernel stack pointer. As part of the exception entry the content of the signa...

CVSS 5.5, AI score 6.7, EPSS 0.00028
Exploits: 0, References: 5
Cvelist
added 2017/08/18 6:0 p.m., 14 views

CVE-2017-8253

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace...

AI score 7.3, EPSS 0.00037
Exploits: 0, References: 2
RedHat Linux
added 2017/03/02 5:6 p.m., 3 views

kernel: State machine confusion bug in vfio driver leading to memory corruption

A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution...

CVSS 7.8, AI score 7.2, EPSS 0.00047
Exploits: 0, References: 4
RedHat Linux
added 2016/07/26 9:58 a.m., 3 views

kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a system with either...

CVSS 7.8, AI score 6.8, EPSS 0.00251
Exploits: 0, References: 4
CNVD
added 2016/05/15 12:0 a.m., 3 views

Linux kernel denial of service vulnerability (CNVD-2016-03199)

Linux kernel is an open source operating system. The Linux kernel 'fillv4l2buffer' function fails to properly validate the number of 'planes', allowing a local attacker to exploit this vulnerability to overwrite kernel memory and conduct denial of service attacks...

CVSS 7.8, AI score 6.6, EPSS 0.00045
Exploits: 0, References: 1
seebug.org
added 2014/07/01 12:0 a.m., 88 views

Linux Kernel <= 2.6.36-rc8 - RDS Protocol Local Privilege Escalation

No description provided by source. //source: http://www.vsecurity.com/resources/advisory/20101019-1/ / Linux Kernel = 2.6.36-rc8 RDS privilege escalation exploit CVE-2010-3904 by Dan Rosenberg [email protected] Copyright 2010 Virtual Security Research, LLC The handling functions for sendin...

CVSS 7.2, AI score 0.3, EPSS 0.02218
Exploits: 16
securityvulns
added 2012/11/26 12:0 a.m., 23 views

FreeBSD privilege escalation

Kernel memory overwrite via Linux compatibility subsystem...

AI score 3.5, EPSS 0.00101
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2010/12/30 7:0 p.m., 27 views

Null pointer dereference

The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer...

CVSS 6.2, AI score 6.8, EPSS 0.06726
Exploits: 5, References: 38, Affected Software: 7
securityvulns
added 2010/05/27 12:0 a.m., 20 views

Kingsoft WebShield privilege escalation

Kernel memory overwrite on IOCTL processing...

AI score 3.6
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2007/04/24 12:0 a.m., 43 views

[Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation

CHECK POINT ZONE LABS PRODUCTS MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES Rubén Santamarta [email protected] 04.20.2007 Affected products: + ZoneAlarm Srescan.sys v 5.0.155 and earlier Srescan.sys is exposed through the following Dos Device:“.SreScan”. Restricted accounts, including...

Exploits: 0
NVD
added 2005/03/09 5:0 a.m., 14 views

CVE-2005-0736

Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events...

CVSS 2.1, AI score 6, EPSS 0.00049
Exploits: 2, References: 8
Cvelist
added 2004/09/01 4:0 a.m., 17 views

CVE-2002-1420

Integer signedness error in select on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation...

AI score 6.3, EPSS 0.00512
Exploits: 0, References: 5
NVD
added 2002/12/31 5:0 a.m., 9 views

CVE-2002-2127

Integrity Protection Driver IPD 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink...

CVSS 2.1, AI score 6.2, EPSS 0.00076
Exploits: 0, References: 3