CVE-2019-19396
illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences...
PT-2019-15838 · Illumos · Illumos
Name of the Vulnerable Software and Affected Versions: illumos as used in OmniOS Community Edition versions prior to r151030y Description: The issue allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket. This is because uts/common/inet/ip/ip_attr.c mishandles conn_ixa...
PT-2019-4661 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.4.2 Description: The issue is related to the io_uring feature in the Linux kernel, which can lead to requests being executed with UID 0 and full capabilities, even when initiated by an unprivileged user. This...
Arbitrary Code Execution
The kernel is vulnerable to arbitrary code execution. The vulnerability exists because the kernel improperly handles options data, allowing arbitrary code execution through the sendmsg system call...
PT-2019-1635 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.20.8 Linux Kernel versions prior to 4.19.21 Description: A use-after-free error in the sctp_sendmsg function when handling the SCTP_SENDALL flag can be exploited to corrupt memory, potentially allowing an...
Debian DLA-1392-1 : linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. CVE-2018-1093 Wen Xu reported that a crafted ext4 filesystem image could trigger an out-of-bounds read in the ext4_valid_block_bitmap function. A local user able to mount arbitrary filesystems coul...
FreeBSD Kernel (FreeBSD 10.2 x64) - sendmsg Kernel Heap Overflow (PoC) Exploit
Exploit for freebsd platform in category dos / poc. The listed source begins with ten `#include` lines (header names lost in extraction), then: `void ata_get_xport(void); int kprintf(const char *fmt, ...); char *ostype; void *resolve(char *name) { struct kld_sym_lookup ksym; ksym.version = sizeof(ksym); ksym.symname = name; ...`
Important: kernel
Issue Overview: Race condition in raw_sendmsg function allows denial-of-service or kernel address leak A flaw was found in the Linux kernel's implementation of raw_sendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of...
Linux kernel 'raw_sendmsg()' function competitive conditions vulnerability
The Linux kernel is the kernel of the open-source Linux operating system. A race condition vulnerability exists in the 'raw_sendmsg' function in the net/ipv4/raw.c file in Linux kernel 4.14.6 and earlier versions. A local attacker can...
PT-2017-14963 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.14.6 Description: The issue is related to a race condition in the raw_sendmsg function, specifically in the inet->hdrincl handling, which leads to the use of an uninitialized stack pointer. This condition...
Juniper Junos sendmsg Local Privilege Escalation (JSA10797)
According to its self-reported version number, the remote Juniper Junos device is affected by a heap-based buffer overflow condition in the sendmsg system call, specifically due to incorrect handling of arguments in the sockargs function in sys/kern/uipc_syscalls.c. A local attacker can exploit th...
Juniper Networks Junos OS DoS Vulnerability
Junos OS is prone to a denial of service vulnerability in sendmsg. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"...
CVE-2016-9806
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation...
DEBIAN-CVE-2016-9806
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation...
CVE-2016-3841
It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call...
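Several of the entries above (the illumos/OmniOS conn_ixa crash, the raw_sendmsg inet->hdrincl race, the netlink_dump double free, the IPv6 socket-option use-after-free) share one trigger shape: several threads hammering sendmsg() on a single shared socket while something else touches that socket's state. The harness below is an added example, not code from any of those advisories or from the affected projects. It assumes Linux or another POSIX system with pthreads, and it deliberately uses an unprivileged AF_UNIX SOCK_DGRAM socketpair so it runs anywhere as a regression skeleton; to reproduce a specific advisory on a disposable VM you would swap in that advisory's socket type and the concurrent state change it names (for example a raw IPv4 socket with another thread toggling IP_HDRINCL).

```c
/* Added example: stress harness for concurrent sendmsg() on one shared socket.
 * Uses an AF_UNIX SOCK_DGRAM socketpair so it needs no privileges. */
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/uio.h>
#include <unistd.h>

#define PAYLOAD_LEN 64
#define MAX_THREADS 64

struct sender_arg { int fd; int iters; int id; atomic_long *sent; };
struct reader_arg { int fd; long expect; long got; };

/* Each sender thread issues `iters` blocking sendmsg() calls on the shared fd. */
static void *sender(void *p)
{
    struct sender_arg *a = p;
    char payload[PAYLOAD_LEN];
    struct iovec iov = { .iov_base = payload, .iov_len = sizeof payload };
    struct msghdr mh;
    memset(&mh, 0, sizeof mh);
    mh.msg_iov = &iov;
    mh.msg_iovlen = 1;
    memset(payload, 'A' + (a->id % 26), sizeof payload);   /* constructed payload */
    for (int i = 0; i < a->iters; i++) {
        ssize_t n;
        do { n = sendmsg(a->fd, &mh, 0); } while (n < 0 && errno == EINTR);
        if (n != (ssize_t)sizeof payload) { perror("sendmsg"); break; }
        atomic_fetch_add(a->sent, 1);
    }
    return NULL;
}

/* The reader drains the peer end so senders never stall on a full datagram
 * queue (net.unix.max_dgram_qlen is small); a 1 s SO_RCVTIMEO bounds the wait
 * if a sender gave up early. */
static void *reader(void *p)
{
    struct reader_arg *r = p;
    char buf[PAYLOAD_LEN];
    while (r->got < r->expect) {
        ssize_t n = recv(r->fd, buf, sizeof buf, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;                 /* timeout, error or shutdown */
        r->got++;
    }
    return NULL;
}

/* Runs nthreads senders against one socket and returns the number of
 * datagrams received: nthreads * iters when every sendmsg() succeeded,
 * fewer if one failed, -1 on setup failure. */
long run_concurrent_sendmsg(int nthreads, int iters)
{
    int sv[2];
    if (nthreads <= 0 || nthreads > MAX_THREADS || iters < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;

    struct timeval tv = { .tv_sec = 1, .tv_usec = 0 };
    setsockopt(sv[1], SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);

    atomic_long sent = 0;
    struct reader_arg r = { .fd = sv[1], .expect = (long)nthreads * iters, .got = 0 };
    pthread_t rt, st[MAX_THREADS];
    struct sender_arg sa[MAX_THREADS];

    if (pthread_create(&rt, NULL, reader, &r) != 0) { close(sv[0]); close(sv[1]); return -1; }
    for (int i = 0; i < nthreads; i++) {
        sa[i] = (struct sender_arg){ .fd = sv[0], .iters = iters, .id = i, .sent = &sent };
        if (pthread_create(&st[i], NULL, sender, &sa[i]) != 0) st[i] = pthread_self();
    }
    for (int i = 0; i < nthreads; i++)
        if (!pthread_equal(st[i], pthread_self())) pthread_join(st[i], NULL);
    pthread_join(rt, NULL);
    close(sv[0]);
    close(sv[1]);
    return r.got;
}

int main(void)
{
    long got = run_concurrent_sendmsg(8, 1000);
    printf("received %ld datagrams\n", got);
    return got == 8000 ? 0 : 1;
}
```

Run it under a kernel with KASAN or lockdep enabled when hunting for the class of bug these advisories describe; on a healthy kernel the only observable is that the received count matches the number sent.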