Integer overflow

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and...

CVE-2016-8733

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and...

CVE-2016-9031

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and...

CVE-2016-9031

Affected: Joyent SmartOS Hyprlofs IOCTL path. Vulnerability in HYPRLOFS_ADD_ENTRIES (32-bit/native path) where user-supplied length is cast from unsigned to signed, bypassing length checks and causing a large allocation, leading to NULL-page write and potential privilege escalation. Impact: kerne...

CVE-2016-8733

CVE-2016-8733 concerns Joyent SmartOS, specifically the Hyprlofs file system. The vulnerability resides in the Ioctl handling path for HYPRLOFS_ADD_ENTRIES when dealing with native/file-system data models. A user-supplied length (an unsigned integer) is cast to a signed int, bypassing an upper bo...

CVE-2016-8733

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and...

PT-2016-7557 · Joyent · Smartos

Name of the Vulnerable Software and Affected Versions: Joyent SmartOS version 20161110T013148Z Description: An integer overflow issue exists in the Hyprlofs file system, specifically in the Ioctl system call with the command HYPRLOFS ADD ENTRIES when handling native file systems. This can be...

PT-2016-7624 · Joyent · Smartos

Name of the Vulnerable Software and Affected Versions: Joyent SmartOS version 20161110T013148Z Description: An integer overflow exists in the Hyprlofs file system, specifically in the Ioctl system call with the command HYPRLOFS ADD ENTRIES when handling 32-bit file systems. This can cause a kerne...

Joyent SmartOS Hyprlofs FS IOCTL Native File System Integer Overflow Privilege Escalation Vulnerability

Summary An exploitable integer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel...

[ASA-201612-14] linux-zen: denial of service

Arch Linux Security Advisory ASA-201612-14 ========================================== Severity: High Date : 2016-12-12 CVE-ID : CVE-2016-9919 Package : linux-zen Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package linux-zen before...

Joyent SmartOS Hyprlofs FS IOCTL 32-bit File System Integer Overflow Privilege Escalation Vulnerability

Summary An exploitable integer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel...

[ASA-201612-11] linux-grsec: denial of service

Arch Linux Security Advisory ASA-201612-11 ========================================== Severity: High Date : 2016-12-10 CVE-ID : CVE-2016-9919 Package : linux-grsec Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package linux-grsec before...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20161115)

Security Fixes : - It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially...

CentOS 6 : kernel (CESA-2016:2766)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CentOS Update for kernel CESA-2016:2766 centos6

Check for the Version of kernel SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882598";...

RHEL 6 : kernel (RHSA-2016:2766)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RedHat Update for kernel RHSA-2016:2766-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Linux Kernel Keyctl Null Pointer Dereference Vulnerability

A malicious interaction with the keyctl usermode interface allows an attacker to crash the kernel. Processing the attached certificate by the kernel leads to a kernel nullpointer dereference. This vulnerably can be triggered by any unprivileged user locally. Local DoS: Linux Kernel Nullpointer...

kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()

A syntax vulnerability was discovered in the kernel's ASN1.1 DER decoder, which could lead to memory corruption or a complete local denial of service through x509 certificate DER files. A local system user could use a specially created key file to trigger BUGON in the publickeyverifysignature...