Linux Kernel PIE Stack Buffer Corruption Vulnerability

Linux kernel contains a position-independent executable PIE stack buffer corruption vulnerability in loadelf binary that allows a local attacker to escalate privileges...

GSD-2022-1006664 fs/binfmt_elf: Fix memory leak in load_elf_binary()

fs/binfmtelf: Fix memory leak in loadelfbinary This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...

VulnCheck KEV: CVE-2017-1000253

Linux kernel contains a position-independent executable PIE stack buffer corruption vulnerability in loadelf binary that allows a local attacker to escalate privileges...

CVE-2019-11190

A flaw in the loadelfbinary function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because installexeccreds is called too late in this function...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1586)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2019-4646)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4646 advisory. - USB: hso: Fix OOB memory access in hsoprobe/hsogetconfigdata Hui Peng CVE-2018-19985 CVE-2018-19985 Tenable has extracted the preceding descripti...

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID...

CVE-2019-11190

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...

CVE-2019-11190

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...

Oracle Linux 6 : kernel (ELSA-2017-2863)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2863 advisory. - net l2cap: prevent stack overflow on incoming bluetooth packet Neil Horman 1490060 1490062 CVE-2017-1000251 - fs binfmtelf.c:loadelfbinary: return -EINVAL on...

CVE-2017-1000253

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 backported to Linux 3.10.7...

UBUNTU-CVE-2017-1000253

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 backported to Linux 3.10.7...

Mandriva Update for kernel MDVSA-2010:066 (kernel)

Check for the Version of kernel OpenVAS Vulnerability Test Mandriva Update for kernel MDVSA-2010:066 kernel Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

kernel security and bug fix update

2.6.9-89.0.23.0.1 - XEN fix cpu hotplug crash Joe Jin orabug 7521308 - XEN Bring up vcpus before khelper init Joe Jin orabug 7521308 - XEN flush the tlb cache immediately Dave McCracken, Scott Shi orabug 9138767 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug...

DSA-1996-1 linux-2.6 - several vulnerabilities

Bulletin has no description...

Linux Kernel 64位Personality处理本地拒绝服务漏洞

BUGTRAQ ID: 38027 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在设置进程的personality时存在错误，本地用户在执行缺少ELF解释器的64位应用时可能触发分段错误，导致内核崩溃。 漏洞起因是fs/binfmtelf.c文件中的loadelfbinary函数，该函数在检查ELF解释器可用之前调用了 SETPERSONALITY，将之前的32位进程转换为了64位进程。如果execve成功，这不会导致问题，但在...

Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilities

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability i...