536 matches found

RedHat Linux
added 2019/11/05 8:44 p.m., 4 views

Kernel: KVM: OOB memory access via mmio ring buffer

An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space...

8.8 CVSS, 7.2 AI score, 0.00106 EPSS
Exploits: 0, References: 4
OSV
added 2019/10/01 5:0 p.m., 1 views

UBUNTU-CVE-2019-14821

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last'...

8.8 CVSS, 6.9 AI score, 0.00106 EPSS
Exploits: 0, References: 9
OSV
added 2019/09/19 6:15 p.m., 0 views

DEBIAN-CVE-2019-14821

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last'...

8.8 CVSS, 7 AI score, 0.00106 EPSS
Exploits: 0, References: 1
NVD
added 2019/03/21 4:0 p.m., 17 views

CVE-2018-14745

Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker who has obtained code execution on the Wi-Fi chip to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is...

8.8 CVSS, 8.9 AI score, 0.00189 EPSS
Exploits: 1, References: 3
OSV
added 2019/03/21 4:0 p.m., 1 views

CVE-2018-14745

Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker who has obtained code execution on the Wi-Fi chip to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is...

8.8 CVSS, 6.4 AI score, 0.00189 EPSS
Exploits: 1, References: 3
CVE
added 2019/03/15 10:0 p.m., 43 views

CVE-2018-14745

CVE-2018-14745 affects the bcmdhd4358 Wi‑Fi driver in the Samsung Galaxy S6 (SM-G920F). The flaw is a buffer overflow in prot_get_ring_space caused by improper validation of the ring buffer read pointer, enabling an attacker who already has code execution on the Wi‑Fi chip to overwrite kernel mem...

8.8 CVSS, 8.8 AI score, 0.00189 EPSS
Exploits: 1, References: 3, Affected Software: 1
Veracode
added 2019/01/15 9:16 a.m., 37 views

Use-After-Free

Linux kernel is vulnerable to privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to op...

7.8 CVSS, 7.1 AI score, 0.4799 EPSS
Exploits: 16, References: 40, Affected Software: 1
OSV
added 2018/09/06 5:29 p.m., 2 views

CVE-2018-1000800

zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put, sys_ring_buf_get that can result in CPU Page Fault error code 0x00000010. This attack appears to be exploitable via a malicious application calling the vulnerable kernel APIs system sys_ring_buf_get and...

9.8 CVSS, 5.8 AI score, 0.00353 EPSS
Exploits: 1, References: 1
RedHat Linux
added 2017/10/19 2:48 p.m., 1 views

kernel: Heap out-of-bounds read in AF_PACKET sockets

A race condition issue was found in the way the raw packet socket implementation in the Linux kernel networking subsystem handled synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this to waste resources in the kernel's ring buffer or...

7.8 CVSS, 7.2 AI score, 0.00056 EPSS
Exploits: 16, References: 4
RedHat Linux
added 2017/10/19 2:47 p.m., 2 views

kernel: Heap out-of-bounds read in AF_PACKET sockets

A race condition issue was found in the way the raw packet socket implementation in the Linux kernel networking subsystem handled synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this to waste resources in the kernel's ring buffer or...

7.8 CVSS, 7.2 AI score, 0.00056 EPSS
Exploits: 16, References: 4
RedhatCVE
added 2017/08/11 8:18 a.m., 49 views

CVE-2017-1000111

A race condition issue was found in the way the raw packet socket implementation in the Linux kernel networking subsystem handled synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this to waste resources in the kernel's ring buffer or...

7.8 CVSS, 0.9 AI score, 0.00056 EPSS
Exploits: 16, References: 1
BDU FSTEC
added 2017/07/14 12:0 a.m., 3 views

The vulnerability of the ring_buffer_resize function in the Linux kernel’s profiling subsystem allows a hacker to increase their privileges.

The vulnerability of the ring_buffer_resize function in the Linux kernel’s profiling subsystem arises due to integer overflow or cyclic shift attacks. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges by writing to the file in the...

7.8 CVSS, 7.1 AI score, 0.00042 EPSS
Exploits: 1, References: 18, Affected Software: 1
Tenable Nessus
added 2017/03/27 12:0 a.m., 54 views

Virtuozzo 7 : readykernel-patch (VZA-2017-007)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities: - A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other...

7.8 CVSS, 6.8 AI score, 0.00066 EPSS
Exploits: 0, References: 8
CNVD
added 2017/01/06 12:0 a.m., 2 views

Linux kernel local integer overflow vulnerability (CNVD-2017-00226)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. The 'ring_buffer_resize' function in the kernel/trace/ring_buffer.c file of the profiling subsystem in versions of the Linux kernel prior to 4.6.1 has a security vulnerability du...

7.8 CVSS, 8.6 AI score, 0.00042 EPSS
Exploits: 1, References: 1
OSV
added 2017/01/05 11:59 a.m., 2 views

DEBIAN-CVE-2016-9754

The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file...

7.8 CVSS, 6.7 AI score, 0.00042 EPSS
Exploits: 1, References: 1
Prion
added 2017/01/05 11:59 a.m., 23 views

Design/Logic Flaw

The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file...

7.2 CVSS, 6.8 AI score, 0.00042 EPSS
Exploits: 1, References: 5, Affected Software: 1
RedhatCVE
added 2017/01/05 11:17 a.m., 29 views

CVE-2016-9754

An integer overflow vulnerability was found in the ring_buffer_resize calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to ...

7.8 CVSS, 7.6 AI score, 0.00042 EPSS
Exploits: 1, References: 1
OSV
added 2017/01/05 12:0 a.m., 1 views

UBUNTU-CVE-2016-9754

The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file...

7.8 CVSS, 7 AI score, 0.00042 EPSS
Exploits: 1, References: 8
RedhatCVE
added 2016/12/15 8:21 p.m., 28 views

CVE-2016-3070

A security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page, because aio_fs_backing_dev_info.dev is 0...

4.6 CVSS, 3.1 AI score, 0.00066 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2016/11/03 8:6 a.m., 1 views

kernel: Null pointer dereference in trace_writeback_dirty_page()

A security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page, because aio_fs_backing_dev_info.dev is 0...

7.8 CVSS, 7.2 AI score, 0.00066 EPSS
Exploits: 0, References: 4