1253 matches found
CVE-2021-46927 nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert
In the Linux kernel, the following vulnerability has been resolved: nitroenclaves: Use getuserpagesunlocked call to handle mmap assert After commit 5b78ed24e8ec "mm/pagemap: add mmapassertlocked annotations to findvma", the call to getuserpages will trigger the mmap assert. static inline void...
CVE-2021-46927
In the Linux kernel, the following vulnerability has been resolved: nitroenclaves: Use getuserpagesunlocked call to handle mmap assert After commit 5b78ed24e8ec "mm/pagemap: add mmapassertlocked annotations to findvma", the call to getuserpages will trigger the mmap assert. static inline void...
Linux kernel security vulnerabilities
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from the use of the getuserpagesunlocked call to handle mmap assertions...
SUSE CVE-2023-52438
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
kernel: net/packet: slab-out-of-bounds access in packet_recvmsg()
An out-of-bounds access issue was found in the Linux kernel networking subsystem in the way raw packet sockets AFPACKET used PACKETCOPYTHRESH and mmap operations. A local attacker with CAPNETRAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or privilege...
CVE-2023-52438
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
DEBIAN-CVE-2023-52438
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
CVE-2023-52438
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
UBUNTU-CVE-2023-52438
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
CVE-2023-52438 binder: fix use-after-free in shinker's callback
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
CVE-2023-52438
CVE-2023-52438 concerns a Linux kernel use-after-free in the binder shrinker path. The issue arises because the mmap read lock is held during the shrinker’s callback, making alloc->vma unsafe to access when munmap races with shrink. The fix downgrades or avoids the unsafe path by isolating the...
CVE-2023-52438 binder: fix use-after-free in shinker's callback
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
CVE-2023-52438 binder: fix use-after-free in shinker's callback
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
CVE-2023-52438
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h
A flaw was found in pfnswapentrytopage in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmdt x...
CVE-2024-0582
A memory leak flaw was found in the Linux kernel’s iouring functionality in how a user registers a buffer ring with IORINGREGISTERPBUFRING, mmap it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2024-0582
A memory leak flaw was found in the Linux kernel’s iouring functionality in how a user registers a buffer ring with IORINGREGISTERPBUFRING, mmap it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system...
Linux 6.4 io_uring Use-After-Free
Linux =6.4: iouring: page UAF via buffer ring mmap Since commit c56e022c0a27 "iouring: add support for user mapped provided buffer ring", landed in Linux 6.4, iouring makes it possible to allocate, mmap, and deallocate "buffer rings". A "buffer ring" can be allocated with iouringregister...,...
Linux 6.4 io_uring Use-After-Free Exploit
Linux =6.4: iouring: page UAF via buffer ring mmap Since commit c56e022c0a27 "iouring: add support for user mapped provided buffer ring", landed in Linux 6.4, iouring makes it possible to allocate, mmap, and deallocate "buffer rings". A "buffer ring" can be allocated with iouringregister...,...