DEBIAN-CVE-2019-15794
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On...
Input validation
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On...
CVE-2019-15794
CVE-2019-15794 describes a refcount underflow in the overlayfs/shiftfs error path when used with aufs patches. Specifically, both the Overlayfs and shiftfs patches in the Ubuntu 5.0 and 5.3 kernel series replace vma->vm_file in mmap handlers, and on error do not restore the original value; the...
CVE-2019-15794 Reference counting error in overlayfs/shiftfs error path when used in conjunction with aufs
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On...
CVE-2019-15794
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On...
Denial Of Service (DoS)
The kernel package is vulnerable to denial of service (DoS). It was found that an mmap call with the MAP_PRIVATE flag on "/dev/zero" would create transparent hugepages and trigger a certain robustness check. A local, unprivileged user could use this flaw to cause a denial of service...
CVE-2018-7740
The resv_map_release function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call...
CVE-2019-9213
A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This allows attackers to abuse this mechanism to turn null pointer dereferences into workable exploits. Mitigation: Enabling SELinux prevents the public exploit from working correctly...
CVE-2018-12714
An issue was discovered in the Linux kernel in the filter parsing code in kernel/trace/trace_events_filter.c. The code could be called with no filter when it expected at least one, which allows attackers to cause a slab out-of-bounds write and so a denial of service via crafted perf_event_open and mm...
CVE-2019-10585
Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053...
Integer overflow
Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053...
CVE-2019-10585
CVE-2019-10585 describes a potential integer overflow in the mmap find function that increments a refcount on invocation, which can lead to a use-after-free condition in Qualcomm Snapdragon components (across Snapdragon Auto/Compute/Consumer IoT/Industrial IoT, Mobile, Wearables; list includes AP...
CVE-2019-10585
Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053...
Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN
Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN This bug report describes two ways in which an attacker can modify the contents of a read-only ashmem fd. I'm not sure at this point what the most interesting user of ashmem is in the current Android release, but there are...
Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN
This bug report describes two ways in which an attacker can modify the contents of a read-only ashmem fd. I'm not sure at this point what the most interesting user of ashmem is in the current Android release, but there are various users, including Chrome and a bunch of utility classes. In AOSP...
Android ashmem Read-Only Bypasses
Android: ashmem readonly bypasses via remap_file_pages() and ASHMEM_UNPIN This bug report describes two ways in which an attacker can modify the contents of a read-only ashmem fd. I'm not sure at this point what the most interesting user of ashmem is in the current Android release, but there are vario...
CVE-2018-1120
By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc/<pid>/cmdline or /proc/<pid>/environ files to block indefinitely...
CVE-2019-18675
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users with /dev/video0 access to obtain read and write permissions on kernel physical pages, which ca...
CVE-2019-18675
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users with /dev/video0 access to obtain read and write permissions on kernel physical pages, which ca...
CVE-2019-18675
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users with /dev/video0 access to obtain read and write permissions on kernel physical pages, which ca...