Memory corruption

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory...

Information disclosure

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a...

CVE-2019-5017

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a...

CVE-2019-5017

CVE-2019-5017 concerns KCodes NetUSB.ko in NETGEAR Nighthawk/other routers. The TALOS advisories confirm an unauthenticated remote kernel information-disclosure vulnerability in NetUSB.ko that can return multiple addresses, including a base address for NetUSB.ko (e.g., 0xBF111000) via crafted pac...

CVE-2019-5016

CVE-2019-5016 is a KCodes NetUSB.ko kernel module vulnerability used by NETGEAR Nighthawk routers (and potentially other vendors) that allows unauthenticated remote memory reads via a crafted index in the NetUSB protocol. The underlying issue is an out-of-bounds/invalid memory read that could lea...

Vulnerability Spotlight: Two bugs in KCodes NetUSB affect some NETGEAR routers

Dave McDaniel of Cisco Talos discovered these vulnerabilities. Executive summary KCodes’ NetUSB kernel module contains two vulnerabilities that could allow an attacker to inappropriately access information on some NETGEAR wireless routers. Specific models of these routers utilize the kernel modul...

CVE-2019-3846

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network...

CVE-2019-3846

CVE-2019-3846 affects the upstream kernel’s Marvell mwifiex wireless kernel driver. The description documents a memory corruption flaw that could allow privilege escalation when connecting to a malicious wireless network. Connected sources confirm this is within the mwifiex driver and describe th...

CVE-2019-3846

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network...

UBUNTU-CVE-2019-3846

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network...

HiddenWall - Linux Kernel Module Generator For Custom Rules With Netfilter (Block Ports, Hidden Mode, Rootkit Functions, Etc)

HiddenWall is a Linux kernel module generator for custom rules with netfilter. block ports, Hidden mode, rootkit functions etc. The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that bloc...

Intel Graphics Driver KMD Module Buffer Overflow Vulnerability

Intel Graphics Drivers is an integrated graphics driver from Intel Corporation.KMD is one of the input modules. A buffer overflow vulnerability exists in the KMD module in Intel Graphics Driver versions prior to 10.18.14.5067 and prior to 10.18.10.5069. The vulnerability stems from a networked...

DEBIAN-CVE-2019-3900

An infinite loop issue was found in the vhostnet kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handlerx. It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stal...

CVE-2019-3900

An infinite loop issue was found in the vhostnet kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handlerx. It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stal...

CVE-2019-3900

An infinite loop issue was found in the vhostnet kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handlerx. It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stal...

CVE-2019-3900

An infinite loop issue was found in the vhostnet kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handlerx. It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stal...

Ubuntu: Security Advisory (USN-3935-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3935-1: BusyBox vulnerabilities

Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14....

USN-3935-1 busybox vulnerabilities

Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14....

CVE-2019-3874

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Mitigation SELinux prevents a bind of the SCTP socket by a non-root user. To mitigate this issue if not using SELinux, or if a...