USN-5914-1 linux-oem-6.0 vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

Important: kernel

Issue Overview: A logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced...

Important: kernel-livepatch-4.14.181-142.260

Issue Overview: An issue has been reported in the Linux kernel's handling of raw sockets. This issue can be used locally to cause denial of service or local privilege escalation from unprivileged processes or from containers with the CAPNETRAW capability enabled. See Also:...

UBUNTU-CVE-2020-10768

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threa...

prctl.sh.txt

!/bin/sh PRCTL local root exp By: Sunix + effected systems 2.6.13 /tmp/getsuid.c include include include include include include include char payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f...