PT-2020-4970 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.7.11 Description: A race condition exists between certain expand functions expand downwards and expand upwards and page-table free operations from an munmap call. This issue can be exploited to cause a denial ...

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service. A local user is able to crash the system via vectors involving munmap and close system call due to multiple race conditions in the function madviseremove in mm/madvise.c...

Android - binder Use-After-Free of VMA via race Between reclaim and munmap Exploit

Android - binder Use-After-Free of VMA via race Between reclaim and munmap The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. There is ...

Android - binder Use-After-Free of VMA via race Between reclaim and munmap

Android - binder Use-After-Free of VMA via race Between reclaim and munmap The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. There is ...

Android - binder Use-After-Free of VMA via race Between reclaim and munmap

The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. There is a race condition between the direct reclaim path enters binder through the...

Android - Inter-Process munmap due to Race Condition in ashmem

The MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a Bundle and transferred via binder to remote processes. Instead of...

Android: Ashmem race conditions in android.util.MemoryIntArray (CVE-2017-0412)

The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the Parcelable interface, it can be passed within a Parcel or a Bundle and transferred via binder to remote processes. Instead of directly tracking...

Google Android - android.util.MemoryIntArray Ashmem Race Conditions Vulnerability

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1002 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the Parcelable interface, ...

Google Android - Inter-process munmap in android.util.MemoryIntArray Vulnerability

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1001 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the Parcelable interface, ...

Google Android - Inter-process munmap in android.util.MemoryIntArray

Google Android - Inter-process munmap in android.util.MemoryIntArray Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1001 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the...

Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=928 Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists a code path which allows Bitmaps to be shared between...

Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap

Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=928 Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order...

FreeBSD Kernel (FreeBSD 10.2 x64) - sendmsg Kernel Heap Overflow (PoC)

FreeBSD Kernel FreeBSD 10.2 x64 - sendmsg Kernel Heap Overflow PoC include include include include include include include include include include void atagetxportvoid; int kprintfconst char fmt, ...; char ostype; void resolvechar name struct kldsymlookup ksym; ksym.version = sizeofksym;...

Linux Kernel 'perf_count_sw_cpu_clock' event Denial of Service

No description provided by source. //Vince / Error with overflows and perf::perfcountswcpuclock / / This test will crash Linux 3.0.0 / / compile with gcc -O2 -o ofloswcpuclockcrash ofloswcpuclockcrash.c / / by Vince Weaver vweaver1 at eecs.utk.edu / define GNUSOURCE 1 include stdio.h include...

Linux kernel 2.2 ldd core Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/344/info Due to a rare and subtle bug in the 2.2.0 kernel, a linux machine can be forced to reboot by an unpriviliged local user. The reason for this is because of the invalid ELF core layout and the fact that munmap wipe...

kernel: mm: use-after-free in madvise_remove()

Multiple race conditions in the madviseremove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service use-after-free and system crash via vectors involving a 1 munmap or 2 close system call...

kernel: mm: use-after-free in madvise_remove()

Multiple race conditions in the madviseremove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service use-after-free and system crash via vectors involving a 1 munmap or 2 close system call...

kernel: mm: use-after-free in madvise_remove()

Multiple race conditions in the madviseremove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service use-after-free and system crash via vectors involving a 1 munmap or 2 close system call...

CVE-2012-3511

Multiple race conditions in the madviseremove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service use-after-free and system crash via vectors involving a 1 munmap or 2 close system call...

DEBIAN-CVE-2012-3511

Multiple race conditions in the madviseremove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service use-after-free and system crash via vectors involving a 1 munmap or 2 close system call...