initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection
In the May 2017 Android Security Bulletin, Google released a patch to a critical and unique vulnerability CVE-2016-10277 in the Nexus 6 bootloader we had found and responsibly disclosed. By exploiting the vulnerability, a physical adversary or one with authorized-ADB/fastboot USB access to the...
Android Futex Requeue Kernel Exploit
This Metasploit module exploits a bug in futex_requeue in the Linux kernel. Any Android phone with a kernel built before June 2014 should be vulnerable. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web sit...
DEBIAN-CVE-2013-1772
The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a...
kernel: bug in GFS/GFS2 locking code leads to DoS
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a...
kernel: r8169 issue reported at 26c3
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with...
CIFS signing sec= mount options don't work correctly
The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request...
Linux Kernel "do_mremap" Local Proof of Concept II
No description provided by source. / Proof of concept code for testing the do_mremap Linux kernel bug. It is based on the code by Christophe Devine and Julien Tinnes posted on the Bugtraq mailing list on 5 Jan 2004, but it's safer since it avoids any kernel data corruption. The following test was done...
Linux kernel signed/unsigned conversion bug
Signed/unsigned conversion bug during processing of NFSv3 XDR data leads to buffer overflow...
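The entry above names the bug class but the snippet is cut off before it says how the conversion goes wrong. The following is an added illustration of that class in C, written for this page; it is not the kernel's NFSv3 XDR code and not the original advisory's proof of concept. The buffer capacity (ILLUS_MAX_LEN), the helper names and the sample wire bytes are all assumptions made for the example. XDR encodes integers as 4-byte big-endian values; if an implementation decodes a length into a signed type and bounds-checks it while still signed, a negative value passes the "too large" test and then becomes a huge size_t at the copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed illustration of a signed/unsigned length-conversion bug.
 * Not the kernel's NFSv3 XDR code; capacity and names are assumptions. */

#define ILLUS_MAX_LEN 64  /* assumed capacity of the destination buffer */

/* XDR integers are 4-byte big-endian. Decode one as int32_t, the type a
 * careless implementation might use for a length field. */
static int32_t xdr_decode_int32(const uint8_t *p) {
    uint32_t u = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return (int32_t)u;
}

/* Vulnerable check: the length is compared while still signed, so a
 * negative wire value such as 0xFFFFFFFF (-1) passes "len > max" and is
 * promoted to an enormous size_t on the way to memcpy. Returns the byte
 * count the caller would hand to memcpy, or 0 if the length is rejected. */
size_t vulnerable_accept_len(const uint8_t *xdr) {
    int32_t len = xdr_decode_int32(xdr);
    if (len > ILLUS_MAX_LEN)
        return 0;          /* only positive oversize lengths are caught */
    return (size_t)len;    /* -1 becomes SIZE_MAX here */
}

/* Hardened check: reinterpret the wire value as unsigned before comparing,
 * so every value above the capacity, including former negatives, is
 * rejected before any size_t conversion happens. */
size_t hardened_accept_len(const uint8_t *xdr) {
    uint32_t len = (uint32_t)xdr_decode_int32(xdr);
    if (len > ILLUS_MAX_LEN)
        return 0;
    return (size_t)len;
}

/* Copy the XDR payload that follows the length word using the hardened
 * check. 'avail' is the destination capacity. Returns bytes copied. */
size_t safe_copy(uint8_t *dst, size_t avail, const uint8_t *xdr) {
    size_t len = hardened_accept_len(xdr);
    if (len == 0 || len > avail)
        return 0;
    memcpy(dst, xdr + 4, len);
    return len;
}
```

The comparison that matters is the one in vulnerable_accept_len: in C, `-1 > 64` is false, so the check is satisfied, and the cast to size_t in the return turns the same -1 into SIZE_MAX. Checking the value as uint32_t first, as hardened_accept_len does, is the usual fix for this class.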
Sendmail Workaround for Linux Capabilities Bug
-----BEGIN PGP SIGNED MESSAGE----- SENDMAIL SECURITY TEAM ADVISORY Sendmail Workaround for Linux Capabilities Bug The Sendmail Consortium and Sendmail, Inc. have been informed of a serious problem in the Linux kernel that can be used to get root access. This is not a sendmail security problem,...