64 matches found
CVE-2024-35215
The CVE-2024-35215 issue affects QNX Software Development Platform (SDP) 7.0 and 7.1, where a NULL pointer dereference in the IP socket options processing of the Networking Stack can allow a local attacker to cause a denial-of-service in the Networking Stack process. This is the explicit root cau...
kernel: tls: fix missing memory barrier in tls_init
In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tlsinit In tlsinit, a write memory barrier is missing, and store-store reordering may cause NULL dereference in tlssetsockopt,getsockopt. CPU0 CPU1 ----- ----- // In tlsinit // In tlsctxcreate c...
UBUNTU-CVE-2021-47304
In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcpinittransfer to not reset icskcainitialized This commit fixes a bug found by syzkaller that could cause spurious double-initializations for congestion control modules, which could cause memory leaks or other problems...
UBUNTU-CVE-2024-35894
In the Linux kernel, the following vulnerability has been resolved: mptcp: prevent BPF accessing lowat from a subflow socket. Alexei reported the following splat: WARNING: CPU: 32 PID: 3276 at net/mptcp/subflow.c:1430 subflowdataready+0x147/0x1c0 Modules linked in: dummy bpftestmodO last unloaded...
SUSE CVE-2012-3552
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service slab corruption and system crash by sending packets to an application that sets socket options during the handling of network traffic...
SUSE CVE-2012-6704
The socksetsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sksndbuf and skrcvbuf, which allows local users to cause a denial of service memory corruption and system crash or possibly have unspecified other impact by leveraging the CAPNETADMIN...
kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses
A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a denial-of-service vulnerability caused by a "use before read" flaw in the sockgetsockopt function in net/core/sock.c. " flaw in the sockgetsockopt function in...
Exploit for CVE-2016-2384
This repository contains proof-of-concept PoC exploits for various vulnerabilities in the Linux kernel. The exploits target different vulnerabilities, including CVE-2016-2384, CVE-2016-9793, and CVE-2017-1000112. CVE-2016-2384 is a use-after-free vulnerability in the usb-midi driver, which allows...
Apple iOS / macOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Optio
Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1140 netagentctlsetopt is the setsockopt handler for netagent control sockets. Options of type NETAGENTOPTIONTYPEREGISTER are handled by netagenthandleregistersetopt. Here's the...
UBUNTU-CVE-2012-6704
The socksetsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sksndbuf and skrcvbuf, which allows local users to cause a denial of service memory corruption and system crash or possibly have unspecified other impact by leveraging the CAPNETADMIN...
CVE-2016-3841
It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
The vulnerability in the net/packet/af_packet.c component of the Linux operating system allows a hacker to trigger a service failure or increase their privileges.
The vulnerability in the net/packet/afpacket.c component of the Linux operating system exists due to insufficient checking of resource states when resources are allowed to be shared among multiple processes. Exploiting this vulnerability can allow an attacker to increase their privileges or cause...
kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.
It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
Important: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.
It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
SUSE-SU-2016:2306-1 Security update for samba
This update for samba provides the following fixes: - CVE-2016-2119: Prevent client-side SMB2 signing downgrade. bsc986869 - Fix possible ctdb crash when opening sockets with htonsIPPROTORAW. bsc969522 - Honor smb.conf socket options in winbind. bsc975131 - Fix ntlm-auth segmentation fault with...
openSUSE Security Update : samba (openSUSE-2016-881)
"This update for samba fixes the following issues : - Prevent client-side SMB2 signing downgrade; CVE-2016-2119; bso11860 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2016-881. The...
kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.
It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...