CVE-2020-7460

In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...

FreeBSD-SA-20:23.sendmsg

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:23.sendmsg Security Advisory The FreeBSD Project Topic: sendmsg2 privilege escalation Category: core Module: kernel compat32 Announced: 2020-08-05 Credits:...

FreeBSD -- sendmsg(2) privilege escalation

Problem Description: When handling a 32-bit sendmsg2 call, the compat32 subsystem copies the control message to be transmitted if any into kernel memory, and adjusts alignment of control message headers. The code which performs this work contained a time-of-check to time-of-use TOCTOU vulnerabili...

Teeworlds Access Control Error Vulnerability

Teeworlds is a multiplayer online shooter. A security vulnerability exists in the CServer::SendMsg file in engine/server/server.cpp in versions 0.7.x prior to Teeworlds 0.7.5. A remote attacker could use this vulnerability to shut down the server...

CVE-2020-12066

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server...

CVE-2020-12066

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server...

DEBIAN-CVE-2020-12066

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server...

Code injection

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server...

UBUNTU-CVE-2020-12066

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server...

CVE-2020-12066

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server...

CVE-2020-12066

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server...

CVE-2020-12066

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server...

Linux 5.3 Insecure Root Path Handling Exploit

Linux versions 5.3 and above appear to have an issue where iouring suffers from insecure handling of the root directory for path lookups. Linux =5.3: iouring: insecure handling of root directory for path lookups When I saw today, I realized that this is not just a small correctness issue, but als...

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as the sendmsg function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service...

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel

Linux 5.3 - Privilege Escalation via iouring Offload of sendmsg onto Kernel Thread with Kernel Creds Since commit 0fa03c624d8f "iouring: add support for sendmsg", first in v5.3, iouring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORINGOPSENDMSG...

Linux sendmsg() Privilege Escalation

Linux: privilege escalation via iouring offload of sendmsg onto kernel thread with kernel creds Since commit 0fa03c624d8f "iouring: add support for sendmsg", first in v5.3, iouring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORINGOPSENDMSG submission...

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds

Since commit 0fa03c624d8f "iouring: add support for sendmsg", first in v5.3, iouring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORINGOPSENDMSG submission queue entries, which cause sendmsg to be called either in syscall context in the original task, o...

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds

Linux 5.3 - Privilege Escalation via iouring Offload of sendmsg onto Kernel Thread with Kernel Creds Since commit 0fa03c624d8f "iouring: add support for sendmsg", first in v5.3, iouring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORINGOPSENDMSG...

CVE-2019-19396

illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ipattr.c mishandles connixa dereferences...

CVE-2019-19396

illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ipattr.c mishandles connixa dereferences...