K17237: Linux kernel vulnerability CVE-2014-7822

Security Advisory Description The implementation of certain splicewrite file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service system crash or possibly have unspecified other impact...

SUSE CVE-2008-2725

Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the...

SUSE CVE-2008-2726

Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...

SUSE CVE-2008-3833

The genericfilesplicewrite function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified...

SUSE CVE-2008-4302

fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the addtopagecachelru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service kernel BUG and system crash, as...

SUSE CVE-2008-4554

The dosplicefrom function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the OAPPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file...

SUSE CVE-2009-1961

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service prevention of file creation and removal via a series of splice...

SUSE CVE-2013-2128

The tcpreadsock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service system crash via a crafted splice system call for a TCP socket...

SUSE CVE-2014-7822

The implementation of certain splicewrite file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service system crash or possibly have unspecified other impact via a crafted splice system...

SUSE CVE-2017-6214

The tcpspliceread function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service infinite loop and soft lockup via vectors involving a TCP packet with the URG flag...

SUSE CVE-2022-4696

There exists a use-after-free vulnerability in the Linux kernel through iouring and the IORINGOPSPLICE operation. If IORINGOPSPLICE is missing the IOWQWORKFILES flag, which signals that the operation won't use current-nsproxy, so its reference counter is not increased. This assumption is not alwa...

DEBIAN-CVE-2022-4696

There exists a use-after-free vulnerability in the Linux kernel through iouring and the IORINGOPSPLICE operation. If IORINGOPSPLICE is missing the IOWQWORKFILES flag, which signals that the operation won't use current-nsproxy, so its reference counter is not increased. This assumption is not alwa...

UBUNTU-CVE-2022-4696

There exists a use-after-free vulnerability in the Linux kernel through iouring and the IORINGOPSPLICE operation. If IORINGOPSPLICE is missing the IOWQWORKFILES flag, which signals that the operation won't use current-nsproxy, so its reference counter is not increased. This assumption is not alwa...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from incorrect manipulation of iouring and IORINGOPSPLICE, resulting in memory reuse after release...

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847 Dirty Pipe linux kernel lifting analysis toc...

Dirty Pipe Linux Privilege Escalation Exploit

Proof of concept for a vulnerability in the Linux kernel existing since version 5.8 that allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. / SPDX-License-Identifier: GPL-2.0 / / Copyright 20...

GSD-2022-1000506 tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case

tcp: take care of mixed splice/sendmsgMSGZEROCOPY case This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.10 by commit...

CVE-2021-46486

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsiArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service DoS...

SUSE: Security Advisory (SUSE-SU-2015:0581-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2021-1528 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.160 Description: The issue is related to a use-after-free vulnerability in the Linux kernel through io uring and the IORING OP SPLICE operation. If IORING OP SPLICE is missing the IO WQ WORK FILES flag, whi...