Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception / When a #BR exception is raised because of an MPX bounds violation, Linux parses the faulting instruction and computes the linear address of its memory operand. If the userspace instruction is in 32-bit code, this involves looking...
Kernel security update: Virtuozzo ReadyKernel patch 80.0 for Virtuozzo 7.0 Update 10
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernel 3.10.0-957.10.1.vz7.85.17 (Virtuozzo 7.0 Update 10). Vulnerability id: PSBM-94535. It was discovered that a certain sequence of operations related to IPv4 routing could trigger a...
SUSE-SU-2019:0767-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to fix various issues. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes (bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a...
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference
kvm_ioctl_create_device() contains the following code: `dev = kzalloc(sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; dev->ops = ops; dev->kvm = kvm; mutex_lock(&kvm->lock); ret = ops->create(dev, cd->type); if (ret < 0) { mutex_unlock(&kvm->lock); kfree(dev); return ret; } list_add(&dev->vm_node, &kvm->devices); mutex_unlock(&kvm->lock); if (ops->init)...`
Linux - kvm_ioctl_create_device() NULL Pointer Dereference
Linux - kvm_ioctl_create_device() NULL Pointer Dereference. kvm_ioctl_create_device() contains the following code: `dev = kzalloc(sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; dev->ops = ops; dev->kvm = kvm; mutex_lock(&kvm->lock); ret = ops->create(dev, cd->type); if (ret < 0) { mutex_unlock(&kvm->lock); kfree(dev); return ret; } list_add(&dev->vm_node,...`
Linux - #VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Exploit
Exploit for linux platform in category local exploits. Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Exploit. Since commit 615d6e8756c8 "mm: per-thread vma caching", first in 3.15, Linux has per-task VMA caches that contain up to four VMA pointers for fast lookup. VMA caches are...
Important kernel security update: CVE-2017-18344; Virtuozzo ReadyKernel patch 56.0 for all supported Virtuozzo 7.0 kernels
The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported Virtuozzo 7.0 kernels. Vulnerability id: CVE-2017-18344. The implementation of timer_create system call in the Linux kernel before 4.14.8 doesn't properly validate the sigevent::sigev_notif...
CVE-2017-18344
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer() function. Mitigation: Attached to this bugzilla is a systemtap script that will prevent opening an...
Kernel security update: Virtuozzo ReadyKernel patch 49.0 for Virtuozzo 7.0.1, 7.0.3, 7.0.5, 7.0.6, and 7.0.6 HF3
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo 7.0 kernels 3.10.0-327.42.0.vz7.18.7 (7.0.1), 3.10.0-327.42.0.vz7.20.18 (7.0.3), 3.10.0-514.26.1.vz7.33.22 (7.0.5), 3.10.0-693.1.1.vz7.37.30 (7.0.6), and 3.10.0-693.11.6.vz7.40.4 (7.0.6...
Solaris 10 (sparc) : 139555-08
SunOS 5.10: Kernel Patch. Date this patch was last updated by Sun : May/07/09. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
Solaris 10 (x86) : 139556-08
SunOS 5.10_x86: Kernel Patch. Date this patch was last updated by Sun : May/07/09. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
Unbreakable Enterprise kernel security update
[4.1.12-112.14.11] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27363926] [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27369994] - x86/IBRS: Make sure we restore...
Anti-Virus Updates Required Ahead of Microsoft’s Meltdown, Spectre Patches
Microsoft said it is holding off delivering security updates to Windows PCs for Spectre and Meltdown CPU flaws until hosted anti-virus software confirms it does not make unsupported calls into Windows kernel memory. Affected are PCs running certain AV products that bypass Windows built-in Kernel...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2908-1) (KRACK) (Stack Clash)
The SUSE Linux Enterprise 12 SP1 LTS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of...
DEBIAN-CVE-2017-1000253
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 backported to Linux 3.10.7...
Important kernel security update: CVE-2017-1000111 and other; Virtuozzo ReadyKernel patch 29.1 for Virtuozzo 7.0.5
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernel 3.10.0-514.26.1.vz7.33.22 (Virtuozzo 7.0.5). Vulnerability id: CVE-2017-1000111. A race condition issue leading to a use-after-free flaw was found in the way the raw packet...
SUSE-SU-2017:2103-1 Security update for Linux Kernel Live Patch 20 for SLE 12
This update for the Linux Kernel 3.12.61-5269 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote...
Kernel security update: CVE-2017-7472 and other; Virtuozzo ReadyKernel patch 19.1 for Virtuozzo 7.0.x
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3). Vulnerability id: CVE-2017-7472. It was found that...
Oracle VM VirtualBox - virtio-net Guest-to-Host Out-of-Bounds Write
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1136 This is a vulnerability that affects VirtualBox VMs that use a virtio network adapter (which is a non-standard configuration). It permits the guest kernel to...
VirtualBox Guest-To-Host Out-Of-Bounds Write Exploit
Exploit for multiple platform in category dos / poc. VirtualBox: guest-to-host out-of-bounds write via virtio-net (CVE-2017-3575). This is a vulnerability that affects VirtualBox VMs that use a virtio network adapter (which is a non-standard configuration). It permits the guest kernel to write up to 4G...