USN-3695-1: Linux kernel vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service system crash. CVE-2018-1094 It was discovered that the cdrom driver in the Linux kernel contained an...

AIX rmsock Advisory : rmsock_advisory2.asc (IJ06904) (IJ06905) (IJ06906) (IJ06907) (IJ06908) (IJ06934) (IJ06935)

The version of the rmsock command installed on the remote AIX host is affected by an information disclosure vulnerability. An unauthenticated, local attacker can exploit this and potentially expose kernel memory. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid110777;...

CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748...

Design/Logic Flaw

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748...

CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748...

CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748...

CVE-2018-1655

CVE-2018-1655 affects IBM AIX rmsock in AIX 5.3, 6.1, 7.1, 7.2 (and VIOS 2.2.x). The rmsock setUID binary can leak uninitialized kernel memory when handling crafted socket addresses, enabling an information disclosure via kernel memory exposure. TALOS confirms a kernel memory leak vulnerability e...

CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. Recent assessments: timb-machine at March 05, 2021 12:31am UTC reported: This bug is trivial to exploit but time consuming to gain useful advantage. Each...

IBM AIX Information Disclosure Vulnerability (CNVD-2018-12113)

IBM AIX Advanced Interactive eXecutive is a UNIX operating system developed by IBM. A security vulnerability exists in the rmsock command in IBM AIX. An attacker can exploit this vulnerability to disclose kernel memory...

Detecting Kernel Memory Disclosure – Whitepaper

Posted by Mateusz Jurczyk, Project Zero Since early 2017, we have been working on Bochspwn Reloaded – a piece of dynamic binary instrumentation built on top of the Bochs IA-32 software emulator, designed to identify memory disclosure vulnerabilities in operating system kernels. Over the course of...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : AMD Microcode update (USN-3690-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3690-1 advisory. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via...

USN-3690-1 amd64-microcode update

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

kernel: net: sctp_v6_create_accept_sk function mishandles inheritance

The sctpv6createacceptsk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this fl...

kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism

The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIGSTRICTDEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte and bypass slab-allocation access restrictions via an application that opens the...

kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c

Incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

Security Bulletin: IBM Netezza Host Management is affected by the vulnerabilities known as Spectre and Meltdown.

Summary IBM Netezza Host Management is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details CVEI...

Security Bulletin: Multiple vulnerabilities in GPFS affects IBM® DB2® LUW on AIX and Linux (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Summary There are multiple vulnerabilities in IBM® General Parallel File System, Versions V3.4 and V3.5 that are used by DB2® pureScale™ Feature on AIX and Linux. Vulnerability Details CVEID: CVE-2015-0197 DESCRIPTION: IBM General Parallel File System could allow a local attacker which only has a...

Security Bulletin: IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand, IBM Aspera Transfer Cluster Manager is affected by the vulnerabilities known as Spectre and Meltdown.

Summary IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand, IBM Aspera Transfer Cluster Manager is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass...

Memory corruption

Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356C00 has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter t...

CVE-2017-17173

Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356C00 has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter t...