29 matches found
Improper Isolation or Compartmentalization
Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the mounting of host directories in read-only mode into VM. An attacker can gain unauthorized write access to the host filesystem by remounting a shared directory as read-write from within t...
EUVD-2005-2876
Malware in sbrugna...
PT-2025-18551 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free bug has been identified in the nilfs2 filesystem. This issue occurs when a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is...
CVE-2024-57892
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqipriv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quotagetnextquota. Specifically, sbdqinfosb,...
CVE-2024-57892
CVE-2024-57892 relates to the Linux kernel OCFS2 quota handling. The issue is a slab-use-after-free when remounting an ocfs2 filesystem as read-only and a quota_getnextquota syscall is used. The root cause is a dangling dqi_priv pointer that is freed during remount but not cleared, combined with ...
CVE-2024-57892 ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqipriv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quotagetnextquota. Specifically, sbdqinfosb,...
CVE-2024-57892 ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqipriv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quotagetnextquota. Specifically, sbdqinfosb,...
Linux kernel 数字错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check for stripe size compatibility when remounting in the ext4 file system...
kernel: efivarfs: force RO when remounting if SetVariable is not supported
A flaw was found in the Linux kernel, which involves the improper handling of the efivarfs filesystem when the firmware does not support the SetVariable function at runtime. Specifically, even if efivarfs is initially mounted as read-only RO, it can be remounted as read-write RW without checking ...
CVE-2021-47342 ext4: fix possible UAF when remounting r/o a mmp-protected file system
In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6 "ext4: fix memory leak in ext4fillsuper", after the file system is remounted read-only, there is a race where the kmmpd thread can...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as RO so no one can...
CVE-2023-52463 efivarfs: force RO when remounting if SetVariable is not supported
In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as RO so no one can...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-519)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-519 advisory. 2024-12-05: CVE-2024-35839 was added to this advisory. 2024-12-05: CVE-2023-52683 was added to this advisory. 2024-12-05: CVE-2023-52693 was added to this advisory. 2024-12-05: CVE-2023-52679 w...
Ubuntu: Security Advisory (USN-2415-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2416-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2419-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2421-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-8522
CVE-2019-8522 affects macOS DiskArbitration. The issue is a logic flaw in state management that could allow an encrypted volume to be unmounted and remounted by a different user without prompting for a password. Apple lists this vulnerability under macOS Mojave 10.14.3/10.14.4 context and explici...
USN-2419-1: Linux kernel (Trusty HWE) vulnerabilities
A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...
USN-2415-1: Linux kernel vulnerability
Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service memory corruption or OOPS. CVE-2014-4608 Andy Lutomirski discovered that the Linux kernel was not checking the CAPSYSADMIN when remounting...