12 matches found
CVE-2024-50083 tcp: fix mptcp DSS corruption due to large pmtu xmit
In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port :::20002. Sending cookies. ------------ cut here ------------ WARNING:...
CVE-2024-47687
The CVE-2024-47687 issue affects the Linux kernel mlx5/vdpa path. It fixes an invalid MR resource destroy where error paths could release uninitialized MR resources. The patch adds a missing check in mlx5_vdpa_destroy_mr_resources() to block destroying non-initialized MR resources, addressing a N...
CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok in parallel. All callbacks assume real_dev is set. Example trace: kernel: BU...
CVE-2024-43899
A NULL pointer dereference vulnerability was found in the dcn20_get_dcc_compression_cap function in the dcn20_resource.c file in the AMD GPU driver in the Linux kernel. This issue could allow an attacker to make the system hang when using the mpv media player with specific hardware acceleration options...
CVE-2022-48692
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd->result only when scmnd is not NULL This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally. BUG: kernel NULL pointer dereference, address:...
CVE-2024-27018 netfilter: br_netfilter: skip conntrack input hook for promisc packets
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaroun...
CVE-2023-52434 smb: client: fix potential OOBs in smb2_parse_contexts()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG: unabl...
Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller
Citrix ADC RCE CVE-2023-3519 This exploit uses addresses and s...
SilentMoonwalk - PoC Implementation Of A Fully Dynamic Call Stack Spoofer
PoC Implementation of a fully dynamic call stack spoofer TL;DR SilentMoonwalk is a PoC implementation of a fully dynamic call stack spoofer, implementing a technique to remove the original caller from the call stack, using ROP to desynchronize unwinding from control flow. Authors This PoC is the...
Echo Mirage 3.1 - Buffer Overflow (PoC)
#!/usr/bin/python Exploit Title: Echo Mirage 3.1 Buffer Overflow PoC Stack Overflow Date: 21-01-2019 Software Link: https://sourceforge.net/projects/echomirage.oldbutgold.p/ Version: 3.1 x64 Exploit Author: InitD Community Contact: https://twitter.com/initdsh Website: http://initd.sh/ Tested on:...
Design/Logic Flaw
The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary...
CVE-2009-0629
Cisco IOS DLSw feature (12.2, 12.3, 12.4, 15.0, 15.1) is affected by a DoS via a sequence of malformed packets exploiting a narrow timing window (Bug ID CSCtf74999). The related Red Hat/NVD entries describe that this vulnerability can cause device crashes or reloads. Mitigation details are not pr...