CVE-2021-3491

A flaw was found in the Linux kernel. The iouring PROVIDEBUFFERS operation allowed the MAXRWCOUNT limit to be bypassed, which led to negative values being used in memrw when reading /proc//mem. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem Exploit

Linux memrw - accessremotevm - accessremotevm - getuserpagesremote - getuserpageslocked - getuserpages - findextendvma Then, if the VMA in question has the VMGROWSDOWN flag set: expandstack - expanddownwards - securitymmapaddr - capmmapaddr This, if the address is below dacmmapminaddr, does a...

OpenSSH &lt; 6.6 SFTP - Command Execution

OpenSSH 8 else 32 print "+ bit libc mapped @ -, path: ".formatBITS, addr0, addr1, path libcbase = intaddr0, 16 libcpath = path if "stack" in line: addr = addr.split"-" saddrstart = intaddr0, 16 saddrend = intaddr1, 16 print "+ Stack mapped @ -".formataddr0,...

Linux Kernel local privilege escalation via SUID /proc/pid/mem write

Overview Linux kernel = 2.6.39 incorrectly handles the permissions for /proc//mem. A local, authenticated attacker could exploit this vulnerability to escalate to root privileges. Exploit code is available in the wild and there have been reports of active exploitation. Description /proc//mem is a...

USN-1342-1: Linux kernel (Oneiric backport) vulnerability

Jüri Aedla discovered that the kernel incorrectly handled /proc//mem permissions. A local attacker could exploit this and gain root privileges...

USN-1336-1: Linux kernel vulnerability

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. CVE-2011-2203 A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain ro...