Linux Kernel 3.x (Ubuntu 14.04 Mint 17.3 Fedora 22) - Double-free usb-midi SMEP Privilege Escalation

Linux Kernel 3.x Ubuntu 14.04 Mint 17.3 Fedora 22 - Double-free usb-midi SMEP Privilege Escalation Source: https://xairy.github.io/blog/2016/cve-2016-2384 Source: https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384 Source: https://www.youtube.com/watch?v=lfl1NJn1nvo Exploit-DB Note...

Null pointer dereference

The Stream Control Transmission Protocol SCTP module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service assertion failure or NULL pointer dereference and kernel panic via a crafted ICMPv6...

Apple Mac OSX iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit

Apple Mac OSX iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit Source: https://code.google.com/p/google-security-research/issues/detail?id=620 I wanted to demonstrate that these iOS/OS X kernel race condition really are exploitable so here's a PoC which gets RIP on OS...

Apple Mac OSX - IOHDIXControllerUserClient::convertClient Buffer Integer Overflow

Apple Mac OSX - IOHDIXControllerUserClient::convertClient Buffer Integer Overflow / Source: https://code.google.com/p/google-security-research/issues/detail?id=511 Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x100 byte structure input from which it reads a userspac...

Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Kernel NULL Dereference

/ Source: https://code.google.com/p/google-security-research/issues/detail?id=595 The field at IntelAccelerator+0xe60 is a pointer to a GSTContextKernel allocated in the ::gstqCreateInfoMethod. In the ::start method this field is initialized to NULL. The IGAccelDevice external method gstconfigure...

FreeBSD Patches Kernel Panic Vulnerability

FreeBSD has patched a denial-of-service vulnerability affecting versions configured to support SCTP and IPv6, the default configurations on later version of the open source OS. Researchers at Positive Technologies in the U.K. said versions 9.3, 10.1 and 10.2 are affected and can be exploited by a...

FreeBSD SCTP ICMPv6 - Error Processing

FreeBSD SCTP ICMPv6 - Error Processing !/usr/bin/env python -- coding: utf-8 -- ''' Source: http://blog.ptsecurity.com/2016/01/severe-vulnerabilities-detected-in.html SCTP stream control transmission protocol is a transport-layer protocol designed to transfer signaling messages in an IP...

FreeBSD-SA-16:01.sctp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:01.sctp Security Advisory The FreeBSD Project Topic: SCTP ICMPv6 error message vulnerability Category: core Module: SCTP Announced: 2016-01-14 Credits:...

FreeBSD -- SCTP ICMPv6 error message vulnerability

Problem Description: A lack of proper input checks in the ICMPv6 processing in the SCTP stack can lead to either a failed kernel assertion or to a NULL pointer dereference. In either case, a kernel panic will follow. Impact: A remote, unauthenticated attacker can reliably trigger a kernel panic i...

Debian DLA-360-1 : linux-2.6 security update

This update fixes the CVEs described below. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid operations on local AFUNIX sockets can result in a use-after-free. This may be used to cause a denial of service crash or possibly for privilege escalation. CVE-2015-7799...

RedHat Update for kernel RHSA-2015:2552-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 360-1] linux-2.6 security update

Package : linux-2.6 Version : 2.6.32-48squeeze17 CVE ID : CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-7990 CVE-2015-8324 This update fixes the CVEs described below. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid...

DLA-360-1 linux-2.6 - security update

Bulletin has no description...

Amazon Linux AMI : kernel (ALAS-2015-610)

A denial of service vulnerability was discovered in the keyring function's garbage collector in the Linux kernel. The flaw allowed any local user account to trigger a kernel panic. CVE-2015-7872 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

Juniper Networks Junos OS IPv6 mbuf Chain DoS Vulnerability

Junos OS is prone to a DoS vulnerability in the mbuf chain. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...

Medium: kernel

Issue Overview: A denial of service vulnerability was discovered in the keyring function's garbage collector in the Linux kernel. The flaw allowed any local user account to trigger a kernel panic. CVE-2015-7872 Affected Packages: kernel Issue Correction: Run yum update kernel or yum update...

kernel: Creating multiple sockets when SCTP module isn't loaded leads to kernel panic

A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded...

kernel: nfnetlink race in NETLINK_NFLOG socket creation

A race-condition flaw was discovered in the kernel's netlink module creation, which can trigger a kernel panic in netlinkrelease-moduleput for local users creating netlink sockets. The flaw is specific to Red Hat Enterprise Linux and does not affect upstream kernels. The nfnetlinklog module must ...

kernel: Creating multiple sockets when SCTP module isn't loaded leads to kernel panic

A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded...

[SECURITY] [DSA 3396-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3396-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 10, 2015 https://www.debian.org/security/faq -...