6601 matches found
CVE-2014-2038
The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by...
UBUNTU-CVE-2014-1690
The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature...
PT-2014-4443 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.13.3. Description: The issue allows local users to obtain sensitive information from kernel memory under certain circumstances. This is due to the nfs_can_extend_write function relying on a write delegation to...
CVE-2014-1253
AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file...
Memory corruption
AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file...
CVE-2014-1253
CVE-2014-1253: A bounds‑checking issue in the AppleMNT.sys driver of Apple Boot Camp (pre-5.1) lets a local attacker trigger kernel memory corruption by loading a malformed Portable Executable header, potentially causing a crash or other impact. Affected product: Boot Camp Support Software prior ...
Kernel: net: leakage of uninitialized memory to user-space via recv syscalls
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,...
CVE-2012-0875
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer...
DEBIAN-CVE-2012-0875
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer...
Exploit Linux 3.4+ Arbitrary write with CONFIG_X86_X32
CVE: 2014-0038 Author: saelo Published: 2014-02-02 / Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86_X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pass a pointer to a...
CVE-2012-0875
Affected software: SystemTap (examples cited: 1.7, 1.6.7; other versions likely affected). Vulnerability cause: When unprivileged mode is enabled, crafted DWARF data can trigger an invalid pointer read, enabling local users to read kernel memory or cause a kernel panic/DoS. Impact: Local informat...
Linux kernel 3.4+ Arbitrary write with CONFIG_X86_X32
Exploit for linux platform in category local exploits / Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86_X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pass a pointer to ...
Linux Kernel 3.4 3.13.2 (Ubuntu 13.10) - CONFIG_X86_X32 Arbitrary Write (2)
Linux Kernel 3.4 3.13.2 (Ubuntu 13.10) - CONFIG_X86_X32 Arbitrary Write (2) / Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86_X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pa...
CVE-2014-1444
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call...