Amazon Linux 2 : kernel (ALAS-2019-1179)

A kernel memory leak was found in the kernelreadfile function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service DoS.CVE-2019-8980 A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This...

Amazon Linux AMI : kernel (ALAS-2019-1179)

A kernel memory leak was found in the kernelreadfile function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service DoS. CVE-2019-8980 A flaw was found in mmap in the Linux kernel allowing the process to map a null page. Thi...

Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem

By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. Th...

Null pointer dereference

In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task...

CVE-2019-9213

In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task...

CVE-2019-9213

In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task...

DEBIAN-CVE-2019-9213

In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task...

CVE-2019-9213

In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task...

CVE-2019-9213

In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task...

UBUNTU-CVE-2019-9213

In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task...

macOS 127.0.0.1:4444 Reverse Shell Shellcode (103 bytes)

/ Title: macOS - Reverse 127.0.0.1:4444/TCP Shell /bin/sh + Null-Free Shellcode 103 bytes Tested: macOS 10.14.1 Author: Ken Kitahara Compilation: gcc -o loader loader.c dev:works devuser$ swvers ProductName: Mac OS X ProductVersion: 10.14.1 BuildVersion: 18B75 dev:works devuser$ cat ipv4rev.s...

macOS TCP/4444 Bind Shell Null Free Shellcode (123 bytes)

/ Title: macOS - Bind 4444/TCP Shell /bin/sh + Null-Free Shellcode 123 bytes Tested: macOS 10.14.1 Author: Ken Kitahara Compilation: gcc -o loader loader.c dev:works devuser$ swvers ProductName: Mac OS X ProductVersion: 10.14.1 BuildVersion: 18B75 dev:works devuser$ cat ipv4bind.s section .text...

Linux Kernel 4.13 compat_get_timex() Kernel Pointer Leak

define GNUSOURCE define BSDSOURCE include include include include include include include include include include include include include include include include include include // Ubuntu 4.13.0-16-generic // gcc -o poc poc.c -m32 struct timex time; int mainint argc, char argv int r; unsigned lon...

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS attacks. The vulnerability exists as the ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafte...

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service DoS attacks. The vulnerability exists through a memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service memory consumption or system crash via invalid MAPHUGETLB mmap operations...

XNU POSIX Shared Memory Mapping Issue Exploit

Exploit for multiple platform in category local exploits XNU: POSIX shared memory mappings have incorrect maximum protection CVE-2018-4435 When the mmap syscall is invoked on a POSIX shared memory segment DTYPEPSXSHM, pshmmmap maps the shared memory segment's pages into the address space of the...

XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection

XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection When the mmap syscall is invoked on a POSIX shared memory segment DTYPEPSXSHM, pshmmmap maps the shared memory segment's pages into the address space of the calling process. It does this with the following code: int prot =...

kernel: Denial of service in resv_map_release function in mm/hugetlb.c

The resvmaprelease function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service BUG via a crafted application that makes mmap system calls and has a large pgoff argument to the remapfilepages system call...

kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service

By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc//cmdline or /proc//environ files to block indefinitely...

kernel: Denial of service in resv_map_release function in mm/hugetlb.c

The resvmaprelease function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service BUG via a crafted application that makes mmap system calls and has a large pgoff argument to the remapfilepages system call...