
826 matches found

Fedora
added 2019/04/17 4:5 p.m., 12 views

[SECURITY] Fedora 30 Update: libxmlb-0.1.8-2.fc30

XML is slow to parse and strings inside the document cannot be memory mapped as they do not have a trailing NUL char. The libxmlb library takes XML source, and converts it to a structured binary representation with a deduplicated string table -- where the strings have the NULs included. This...

AI score: 3
Exploits: 0
Exploit DB
added 2019/04/16 12:0 a.m., 53 views

Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation

Windows: LUAFV Delayed Virtualization Cache Manager Poisoning EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver can confuse the cache and memory manager to replace the...

AI score: 7.4
Exploits: 0
Intel
added 2019/04/09 12:0 a.m., 21 views

Intel® Core Processors Memory Mapping Advisory

Summary: A potential security vulnerability in some microprocessors may allow information disclosure. Vulnerability Details: CVEID: CVE-2019-0162 Description: Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information...

CVSS: 3.8, AI score: 3.6, EPSS: 0.00931
Exploits: 0
OSV
added 2019/03/29 3:51 p.m., 10 views

MGASA-2019-0120 Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 4.14.106 and fixes at least the following security issue: In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on...

CVSS: 5.5, AI score: 6.3, EPSS: 0.05667
Exploits: 6, References: 4
Exploit DB
added 2019/03/06 12:0 a.m., 63 views

Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem

By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. Th...

AI score: 7.4
Exploits: 0
Veracode
added 2019/01/15 9:2 a.m., 32 views

Information Disclosure

kernel is vulnerable to information disclosure attacks. The vulnerability exists through an integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a...

CVSS: 7.8, AI score: 5.6, EPSS: 0.03373
Exploits: 1, References: 46, Affected Software: 1
OSV
added 2018/12/19 1:17 p.m., 6 views

SUSE-SU-2018:4191-1 Security update for tiff

This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function bsc1115717. - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function bsc1054594. - CVE-2016-10094: Fixed...

CVSS: 9.1, AI score: 7.7, EPSS: 0.03613
Exploits: 4, References: 11
CNVD
added 2018/12/10 12:0 a.m., 2 views

Xen elevation of privilege vulnerability (CNVD-2019-07942)

Xen is an open source virtual machine monitor developed by the Xen Project. An elevation of privilege vulnerability exists in 4.11.x and earlier versions of Xen on AMD x86 platforms, which stems from the fact that a TLB refresh is sometimes not performed after an IOMMU mapping change, and can be...

CVSS: 7.8, AI score: 8.9, EPSS: 0.00409
Exploits: 0, References: 1
CNVD
added 2018/12/10 12:0 a.m., 1 views

Xen elevation of privilege vulnerability (CNVD-2019-07941)

Xen is an open source virtual machine monitor developed by the Xen Project. An elevation of privilege vulnerability exists in 4.11.x and earlier versions of Xen on AMD x86 platforms, which stems from the failure of small IOMMU mappings to be securely combined into larger IOMMU mappings, which can...

CVSS: 7.8, AI score: 8.8, EPSS: 0.00409
Exploits: 0, References: 1
OSV
added 2018/12/08 4:29 a.m., 6 views

ALPINE-CVE-2018-19964

An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service host OS hang because the p2m lock remains unavailable indefinitely in certain error conditions...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00357
Exploits: 0, References: 1
OSV
added 2018/12/08 4:29 a.m., 3 views

ALPINE-CVE-2018-19961

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00409
Exploits: 0, References: 1
RedHat Linux
added 2018/10/30 10:4 a.m., 4 views

kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service

By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc/<pid>/cmdline or /proc/<pid>/environ files to block indefinitely...

CVSS: 5.3, AI score: 7.2, EPSS: 0.07291
Exploits: 5, References: 5
OSV
added 2018/09/19 12:0 a.m., 2 views

UBUNTU-CVE-2018-17182

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free and possibly gain privileges via certain thread creation, map, unmap, invalidation, and dereference operations...

CVSS: 7.8, AI score: 6.9, EPSS: 0.03206
Exploits: 4, References: 8
OSV
added 2018/06/20 1:29 p.m., 2 views

DEBIAN-CVE-2018-1120

A flaw was found affecting the Linux kernel before version 4.17. By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the...

CVSS: 5.3, AI score: 7.3, EPSS: 0.07291
Exploits: 5, References: 1
Kaspersky
added 2018/04/10 12:0 a.m., 219 views

KLA11221 Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service and possibly to bypass security restrictions. Below is a complete list of...

CVSS: 9.3, AI score: 8.8, EPSS: 0.40069
Exploits: 10, References: 48
OSV
added 2018/03/07 8:29 a.m., 2 views

DEBIAN-CVE-2018-7740

The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service BUG via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00616
Exploits: 1, References: 1
OSV
added 2018/03/06 4:29 p.m., 4 views

CVE-2017-6282

NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high...

CVSS: 7.8, AI score: 5.8
Exploits: 0, References: 1
Packet Storm
added 2018/02/23 12:0 a.m., 42 views

NoMachine nxfuse Privilege Escalation

from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3 STATUSINVALIDHANDLE = 0xC0000008 shellcodelen = 90 s = aa s +=...

AI score: 7.6, EPSS: 0.03213
Exploits: 3
0day.today
added 2018/02/22 12:0 a.m., 64 views

NoMachine x64 < 6.0.80 - nxfuse Privilege Escalation Exploit

Exploit for windows platform in category local exploits from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3...

AI score: 7.4, EPSS: 0.03213
Exploits: 3
exploitpack
added 2018/02/22 12:0 a.m., 7 views

NoMachine 6.0.80 (x64) - nxfuse Privilege Escalation

NoMachine 6.0.80 x64 - nxfuse Privilege Escalation from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3...

AI score: 0.6
Exploits: 0