Linux mremap() TLB Flush Too Late

Linux: mremap TLB flush too late with concurrent ftruncate CVE-2018-18281 Tested on the master branch 4.19.0-rc7+. sysmremap takes current-mm-mmapsem for writing, then calls mremapto-movevma-movepagetables. movepagetables first calls moveptes which takes PTE locks, moves PTEs, and drops PTE locks...

CVE-2008-6107

The 1 sys32mremap function in arch/sparc64/kernel/syssparc32.c, the 2 sparcmmapcheck function in arch/sparc/kernel/syssparc.c, and the 3 sparc64mmapcheck function in arch/sparc64/kernel/syssparc.c, in the Linux kernel before 2.6.25.4, omit some virtual-address range aka span checks when the mrema...

Linux Kernel 2.4.22 "do_brk()" local Root Exploit (PoC)

No description provided by source. ; Christophe Devine devine at cr0.net and Julien Tinnes julien at cr0.org ; ; This exploit uses sysbrk directly to expand his break and doesn't rely ; on the ELF loader to do it. ; ; To bypass a check in sysbrk against available memory, we use a high ; virtual...

Linux Kernel <= 2.4.23, <= 2.6.0 - "do_mremap" Local Proof of Concept

No description provided by source. / Proof-of-concept exploit code for domremap Copyright C 2004 Christophe Devine and Julien Tinnes This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...

Linux Kernel <= 2.4.23, <= 2.6.0 - mremap() Bound Checking Root Exploit

No description provided by source. / Linux kernel mremap bound checking bug exploit. Bug found by Paul Starzetz paul isec pl Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED AS IS AND WITHOUT ANY WARRANTY. COPYING, PRINTING...

Linux Kernel <= 2.2.25, <= 2.4.24, <= 2.6.2 - "mremap()" Missing "do_munmap" Exploit

No description provided by source. / mremap missing domunmap return check kernel exploit gcc -O3 -static -fomit-frame-pointer mremappte.c -o mremappte ./mremappte suid shell Vulnerable kernel versions are all = 2.2.25, = 2.4.24 and = 2.6.2 Copyright c 2004 iSEC Security Research. All Rights...

Linux Kernel <= 2.2.25, <= 2.4.24, <= 2.6.2 - "mremap()" Local Proof-of-Concept (2)

No description provided by source. / Proof-of-concept exploit code for domremap 2 Copyright C 2004 Christophe Devine This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either versi...

CVE-2011-2496

Integer overflow in the vmatoresize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service BUGON and system crash via a crafted mremap system call that expands a memory mapping...

Integer overflow

Integer overflow in the vmatoresize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service BUGON and system crash via a crafted mremap system call that expands a memory mapping...

CVE-2011-2496

CVE-2011-2496 affects the Linux kernel prior to 2.6.39. An integer overflow in vma_to_resize (mm/mremap.c) lets local users trigger a BUG_ON and system crash via a crafted mremap call that expands a memory mapping. Mitigation: upgrade to kernel 2.6.39 or later where the issue is fixed. The connec...

kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions

Integer overflow in the vmatoresize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service BUGON and system crash via a crafted mremap system call that expands a memory mapping...

CVE-2011-2496

Integer overflow in the vmatoresize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service BUGON and system crash via a crafted mremap system call that expands a memory mapping...

UBUNTU-CVE-2011-2496

Integer overflow in the vmatoresize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service BUGON and system crash via a crafted mremap system call that expands a memory mapping...

kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions

Integer overflow in the vmatoresize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service BUGON and system crash via a crafted mremap system call that expands a memory mapping...

DSA-2310-1 linux-2.6 - several issues

Bulletin has no description...

[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-2303-2 [email protected] http://www.debian.org/security/ Dann Frazier September 10, 2011 http://www.debian.org/security/faq -...

kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions

Integer overflow in the vmatoresize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service BUGON and system crash via a crafted mremap system call that expands a memory mapping...

Debian DSA-2303-2 : linux-2.6 - privilege escalation/denial of service/information leak

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows loc...

DSA-2303-1 linux-2.6 - several issues

Bulletin has no description...

CentOS Update for kernel CESA-2010:0504 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...