1255 matches found
CVE-2018-1123
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service)...
CVE-2018-1123
Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash...
UBUNTU-CVE-2018-1120
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the...
UBUNTU-CVE-2018-1123
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service)...
CVE-2018-7740
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call...
Design/Logic Flaw
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call...
CVE-2018-7740
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call...
CVE-2018-7740
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call...
CVE-2018-7740
CVE-2018-7740 affects the Linux kernel, where the resv_map_release function in mm/hugetlb.c up to version 4.15.7 is vulnerable. A local attacker can cause a denial of service by crafting an app that uses mmap and a large pgoff with remap_file_pages, triggering a BUG. The connected Nessus reports ...
CVE-2018-7740
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call...
Android - Inter-Process munmap due to Race Condition in ashmem Exploit
Exploit for Android platform in category dos / poc The MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a Bundle and...
Android - Inter-Process munmap due to Race Condition in ashmem
Android - Inter-Process munmap due to Race Condition in ashmem The MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a...
Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page (2)
Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page 2 / The code is modified from https://www.exploit-db.com/exploits/43199/ / define GNUSOURCE include include include include include include include include include include include include define TRIESPERPAGE 20000000 define PAGESIZE...
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (2)
/ The code is modified from https://www.exploit-db.com/exploits/43199/ / define GNUSOURCE include include include include include include include include include include include include define TRIESPERPAGE 20000000 define PAGESIZE 0x1000 define MEMESETVAL 0x41 define MAPSIZE 0x200000 define STRIN...
Linux - mincore() Uninitialized Kernel Heap Page Disclosure Exploit
Linux mincore() discloses uninitialized kernel heap pages. When walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range passed to walk_page_range(), and when...
Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...
Linux Kernel 4.14.0-rc4+ - waitid() Privilege Escalation Exploit
Exploit for linux platform in category local exploits define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base...
FreeBSD - FGPE Stack Clash (PoC) Exploit
Exploit for freebsd/x86 platform in category dos / poc / FreeBSDCVE-2017-FGPE.c for CVE-2017-1084 please compile with -O0 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Fre...