87 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly recover freehugepages during memfdpinfolios and unpinfolios, which could lead to a...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from incorrect handling of file mapping to obtain a contiguous folio when using memfdpinfolios with the hugetlb...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a folio allocation contention in memfdpinfolios...
New Python-Based Fileless Malware Named ‘PyLoose’ Targeting Cloud Environments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new fileless attack called PyLoose targets cloud workloads by loading an XMRig Miner directly into memory using Python code and the memfd technique. This evasive attack highlights the need for advanced...
Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining
A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal. "The attack consists of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique,"...
kernel: mm/secretmem: fix panic when growing a memfd_secret
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix panic when growing a memfdsecret When one tries to grow an existing memfdsecret with ftruncate, one gets a panic 1. For example, doing the following reliably induces the panic: fd = memfdsecret; ftruncatefd, 10;...
Linux systemd Line Splitting
systemd: reexec state injection: fgets on overlong lines leads to line splitting CVE-2018-15686 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When system...