EUVD-2018-9712

Malware in sbrugna...

K27673650: Linux kernel vulnerability CVE-2018-17972

Security Advisory Description An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel...

CVE-2018-17972

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1223)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0177)

The remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the...

Information Disclosure

Linux kernel is vulnerable to information disclosure vulnerability. The vulnerability exists in the procpidstack function in fs/proc/base.c in the Linux kernel. Local attackers could obtain kernel task stack contents that may lead to further attacks...

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service DoS attacks. The vulnerability exists in the function procpidstack of the file fs/proc/base.c when a user able to mount FUSE filesystems creating a process such that when another process attempting to read its command line will be blocked for a long...

kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4532)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4532 advisory. - ext4: validate that metadata blocks do not overlap superblock Theodore Ts'o Orabug: 28220451 CVE-2018-1094 - ext4: always initialize the crc32c...

Linux Kernel 'fs/proc/base.c' Local Information Disclosure Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'procpidstack' function in the fs/proc/base.c file in Linux kernel versions 4.18.11 and earlier. A local attacker can exploit th...

Stack overflow

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...

CVE-2018-17972

The CVE-2018-17972 issue affects the Linux kernel (proc_pid_stack in fs/proc/base.c) up to 4.18.11, where an attacker with local access could exploit race in stack unwinding to leak kernel task stack contents. The root cause is insufficient restriction on inspecting kernel stacks, enabling local ...