Amazon Linux 2 : libudisks2, libudisks2-devel, udisks2 (ALAS-2023-1921)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1921 advisory. A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability...

SUSE-SU-2023:0250-1 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122124 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167. - CVE-2022-3565: Fixed use-after-free in...

Low: udisks2

Issue Overview: A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. CVE-2021-3802 Affected Packages: udisks2 Note: This advisory is applicable to...

SUSE-SU-2023:0238-1 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP4)

This update for the Linux Kernel 4.12.14-95111 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167. - CVE-2022-3565: Fixed use-after-free in deltim...

SUSE-SU-2023:0240-1 Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-150100197111 fixes one issue. The following security issue was fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167...

SUSE-SU-2023:0237-1 Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024134 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167. - CVE-2022-2602: Fixed a local privilege...

SUSE-SU-2023:0235-1 Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-150100197126 fixes one issue. The following security issue was fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167...

SUSE-SU-2023:0231-1 Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-197105 fixes one issue. The following security issue was fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167...

SUSE-SU-2023:0229-1 Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024129 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167. - CVE-2022-2602: Fixed a local privilege...

SUSE-SU-2023:0227-1 Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-150100197123 fixes one issue. The following security issue was fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167...

io_uring Same Type Object Reuse Priv Esc

This module exploits a bug in iouring leading to an additional putcred that can be exploited to hijack credentials of other processes. We spawn SUID programs to get the free'd cred object reallocated by a privileged process and abuse them to create a SUID root binary ourselves that'll pop a shell...

SUSE-SU-2023:0226-1 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP4)

This update for the Linux Kernel 4.12.14-95105 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167. - CVE-2022-3565: Fixed use-after-free in deltim...

io_uring Same Type Object Reuse Privilege Escalation Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...

io_uring Same Type Object Reuse Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...

PT-2025-13324 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved, which previously caused a kernel panic when probing an illegal position. This occurred when the kprobe's ebreak instruction...

PT-2025-13337 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue has been identified in the Linux kernel. This issue occurs when the frag list is pulled into the linear area, leaving frag list as NULL, which can...

RHEL 7 : kpatch-patch (RHSA-2020:2291)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2291 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

RHEL 8 : kpatch-patch (RHSA-2020:2125)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2125 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fixe...

Exploit for Race Condition in Apple Ipados

CVE-2022-42864: Diabolical Cookies What is this repo? This...

PT-2023-9424 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.10.100-emu x2rc+ Description: The vulnerability is related to the axi chan handle err function in the Linux kernel, which lacks exception protection processing for vd. This can lead to a kernel panic in exceptional case...