CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

kernel: Stack overflow via ecryptfs and /proc/$pid/environ

It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to...

CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

FreeBSD : FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2) (74389f22-6007-11e6-a6c3-14dae9d210b8)

When setlogin2 is called while setting up a new login session, the login name is copied into an uninitialized stack buffer, which is then copied into a buffer of the same size in the session structure. The getlogin2 system call returns the entire buffer rather than just the portion occupied by th...

FreeBSD : FreeBSD -- Kernel stack disclosure in Linux compatibility layer (7c5d64dd-600a-11e6-a6c3-14dae9d210b8)

The implementation of the TIOCGSERIAL ioctl2 does not clear the output struct before copying it out to userland. The implementation of the Linux sysinfo system call does not clear the output struct before copying it out to userland. Impact : An unprivileged user can read a portion of uninitialise...

FreeBSD : FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer (7cad4795-600a-11e6-a6c3-14dae9d210b8)

The implementation of historic stat2 system call does not clear the output struct before copying it out to userland. Impact : An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions of the file cache or...

Linux kernel competitive conditions vulnerability (CNVD-2016-04425)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A contention condition vulnerability exists in the 'vopioctl' function in the drivers/misc/mic/vop/vopvringh.c file in Linux kernel 4.6 and earlier. A local attacker can explo...

Linux kernel information disclosure vulnerability (CNVD-2016-04424)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the 'schedreadattr' function in the kernel/sched/core.c file in versions of Linux kernel 3.14-rc4 prior to 3.14-rc, which stems from a progr...

CVE-2016-5244

The rdsincinfocopy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message...

CVE-2016-5243

The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

CVE-2016-5243

The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

CVE-2016-5244

CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...

CVE-2016-5243

The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)

The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils wa...

Apple Mac OSX - Kernel Stack Buffer Overflow in GeForce GPU Driver

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=724 nvAPIClient::Escape is the sole external method of nvAcclerator userclient type 0x2a0. It implements its own method and parameter demuxing using the struct-in struct-out buffer...

Linux kernel information disclosure vulnerability (CNVD-2016-03868)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the 'rdsincinfocopy' function in the net/rds/recv.c file of the Linux kernel, which stems from the program's failure to...

FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer

Problem Description: The implementation of historic stat2 system call does not clear the output struct before copying it out to userland. Impact: An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions ...