CVE-2020-11221
Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,...
CVE-2020-11221
CVE-2020-11221 describes a local information-disclosure vulnerability in Qualcomm Snapdragon components where a non-secure entity can exploit insufficient checks in the syscall handler to extract secure QTEE diagnostic information in clear text. Affected families include Snapdragon Auto, Compute...
USN-4768-1 musl vulnerabilities
It was discovered that musl did not properly handle kernel syscalls. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. (CVE-2018-1000001) It was discovered that musl did not properly handle the parsing of DNS response codes. A remote...
CVE-2020-35501
A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly fail to be logged by the audit subsystem. Mitigation: this syscall can still be audited by using the syscall auditing feature and passing open_by_handle_at to it in the rule. Existing...
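A rule pair that applies the mitigation quoted above, written here as an added example rather than text from the advisory; the watched path and the key names are assumptions:

```text
# Added example (not from the advisory). /etc/shadow and the key names are assumed.
# A path watch records ordinary opens of the file; on an affected kernel the
# open_by_handle_at() path is the one that can go unlogged.
-w /etc/shadow -p rwa -k shadow_watch

# Mitigation as the advisory describes it: audit the syscall itself, so that
# every open_by_handle_at() call is recorded regardless of the target file.
-a always,exit -F arch=b64 -S open_by_handle_at -k shadow_handle
-a always,exit -F arch=b32 -S open_by_handle_at -k shadow_handle
```

Load it with `auditctl -R <file>` or drop it under /etc/audit/rules.d/, then `ausearch -k shadow_handle` lists the calls; the b32 rule matters on 64-bit hosts that still run 32-bit binaries.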
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists through the syscall implementation on 32-bit systems...
CVE-2020-28588
A flaw was found in the way a user reads /proc/self/syscall on 32-bit systems: the Linux kernel's syscall implementation returns uninitialized values. A local user could use this flaw to read three uninitialized 64-bit values, but cannot control which values. The highest threat from this...
USN-4752-1: Linux kernel (OEM) vulnerabilities
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proxima...
USN-4750-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2020-25669 It was discovered that the jfs file system implementation in the Linux kernel...
Linux/x64 - execve (cat /etc/shadow) Shellcode (66 bytes)
Exploit Title: Linux/x64 - execve("cat /etc/shadow") Shellcode (66 bytes)
Author: Felipe Winsnes
Tested on: Debian x64
Shellcode Length: 66

global _start
_start:
    xor rax, rax                   ; Zeroes out RAX.
    xor rbp, rbp                   ; Zeroes out RBP.
    push rax                       ; Pushes RAX (a NULL QWORD) as the string terminator.
    mov rbp, 0x776f646168732f63    ; Moves valu...
CentOS 8 : libseccomp (CESA-2019:3624)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3624 advisory. - libseccomp: incorrect generation of syscall filters in libseccomp (CVE-2019-9893) Note that Nessus has not tested for this issue but has instead relied only on...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Kernel: x86_32: BUG in syscall auditing
A flaw was found in the Linux kernel's system-call auditing support (CONFIG_AUDIT_SYSCALL) for 32-bit platforms. It is vulnerable to a crash caused by erroneous handling of bad system call numbers. This issue occurs during syscall(2) calls if system-call auditing is enabled on the system. This flaw...
Linux kernel security vulnerabilities
Linux kernel is the kernel of the Linux operating system, maintained by the Linux Foundation. A security vulnerability exists in the Linux kernel which an attacker can exploit to read memory fragments via the Linux kernel's collect syscall and obtain sensitive...
NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0117)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive...
UBUNTU-CVE-2020-28588
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that all...
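Both CVE-2020-28588 entries above describe a leak through /proc/[pid]/syscall without showing what the file contains. The reader below is an added example, not code from either advisory or from the kernel fix: it parses the three forms the file can take per proc(5) ("running", "-1 sp pc" for a task blocked outside a syscall, and "nr a0..a5 sp pc" for a task inside one) and, in main(), forks a child that parks in pause() and dumps its state. The sample lines in the comments are constructed. On an affected 32-bit kernel, three of the printed 64-bit values for such a child are the uninitialized data the advisory describes; the parser exposes all nine fields so they can be inspected.

```c
/* Added example (not from the advisories above): parse /proc/[pid]/syscall.
 * Field layout per proc(5): "running", "-1 sp pc", or "nr a0 a1 a2 a3 a4 a5 sp pc". */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum sc_kind { SC_RUNNING = 0, SC_BLOCKED = 1, SC_IN_SYSCALL = 2 };

struct syscall_state {
    enum sc_kind kind;
    long nr;                        /* valid when kind == SC_IN_SYSCALL */
    unsigned long long args[6];     /* valid when kind == SC_IN_SYSCALL */
    unsigned long long sp, pc;      /* valid unless kind == SC_RUNNING */
};

/* Returns 0 and fills *st on success, -1 on a line that matches none of the forms.
 * Constructed sample: "0 0x3 0x7ffd0000 0x1000 0x0 0x0 0x0 0x7ffd2000 0x7f0012". */
int parse_proc_syscall(const char *line, struct syscall_state *st) {
    memset(st, 0, sizeof *st);
    if (strncmp(line, "running", 7) == 0) {
        st->kind = SC_RUNNING;
        return 0;
    }
    long nr;
    unsigned long long v[8];
    int n = sscanf(line, "%ld %llx %llx %llx %llx %llx %llx %llx %llx",
                   &nr, &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &v[6], &v[7]);
    if (n == 3 && nr == -1) {            /* blocked, but not inside a syscall */
        st->kind = SC_BLOCKED;
        st->sp = v[0];
        st->pc = v[1];
        return 0;
    }
    if (n == 9 && nr >= 0) {             /* inside a syscall: nr, six args, sp, pc */
        st->kind = SC_IN_SYSCALL;
        st->nr = nr;
        memcpy(st->args, v, sizeof st->args);
        st->sp = v[6];
        st->pc = v[7];
        return 0;
    }
    return -1;
}

/* Read and parse /proc/<pid>/syscall. Returns -1 if the file cannot be read; the
 * kernel applies ptrace access rules, so the reader needs attach rights over pid. */
int read_proc_syscall(pid_t pid, struct syscall_state *st) {
    char path[64], line[256];
    snprintf(path, sizeof path, "/proc/%d/syscall", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    int got = fgets(line, sizeof line, f) != NULL;
    fclose(f);
    return got ? parse_proc_syscall(line, st) : -1;
}

int main(void) {
    pid_t child = fork();
    if (child == 0) {
        pause();                      /* child parks inside a syscall */
        _exit(0);
    }
    usleep(100000);                   /* give the child time to block */
    struct syscall_state st;
    if (read_proc_syscall(child, &st) == 0 && st.kind == SC_IN_SYSCALL) {
        printf("child in syscall %ld, sp=%#llx pc=%#llx\n", st.nr, st.sp, st.pc);
        for (int i = 0; i < 6; i++)
            printf("  arg%d = %#llx\n", i, st.args[i]);
    } else {
        printf("could not read the child's syscall state\n");
    }
    kill(child, SIGKILL);
    waitpid(child, NULL, 0);
    return 0;
}
```

Running it repeatedly on a 32-bit build of an affected kernel is the simplest way to confirm the fix: the values that change between runs without the child doing anything are the ones the advisory calls uninitialized.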
Oracle Linux 6 : kernel (ELSA-2020-5934)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5934 advisory. - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set,...
WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques
Microsoft is known for their backwards compatibility. When they rolled out the 64-bit variant of Windows years ago they needed to provide compatibility with existing 32-bit applications. In order to provide seamless execution regardless of application bitness, the WoW (Windows on Windows) system wa...
iSH - Linux Shell For iOS
A project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation. For the current status of the project, check the issues tab, and the commit logs. App Store page TestFlight beta Discord server Wiki with help and tutorials README in Chinese may be out of date, i...
USN-4574-1: libseccomp-golang vulnerability
It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple syscall arguments, the application could potentially bypass the intended restrictions put in place by seccomp...
USN-4574-1 golang-github-seccomp-libseccomp-golang vulnerability
It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple syscall arguments, the application could potentially bypass the intended restrictions put in place by seccomp...
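The three libseccomp entries above (CESA-2019:3624 and the two USN-4574-1 hits) are all about a filter generator emitting BPF that does not match the rule as written. The block below is an added example, not code from libseccomp, libseccomp-golang or the advisories: it hand-writes the seccomp-BPF that a rule with two argument conditions should compile to, chaining the comparisons so the deny verdict is reached only when both hold, and then probes the installed filter from userspace with calls where zero, one or both conditions match. The denied call, getpriority(PRIO_PROCESS, 1), is an arbitrary assumed choice; x86-64 or AArch64 Linux on a little-endian host is assumed.

```c
/* Added example (not from libseccomp or the advisories): a hand-written seccomp-BPF
 * filter whose two argument conditions are ANDed, plus a userspace probe for it. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <unistd.h>

#if defined(__x86_64__)
#  define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define ARCH_NR AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* seccomp_data.args[] are u64. A 32-bit BPF load at the member offset reads the low
 * dword on a little-endian host, which is the significant part of an int argument;
 * a pointer or size argument needs both dwords compared. */
_Static_assert(__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__, "example assumes little-endian");
#define ARG_LO(i) ((__u32)offsetof(struct seccomp_data, args[(i)]))

/* Deny getpriority() with EPERM only when arg0 == PRIO_PROCESS AND arg1 == 1.
 * Each failed comparison jumps straight to ALLOW, so the ERRNO verdict is reachable
 * only through both matches. Returns 0 on success, -1 if the filter cannot be loaded. */
int install_filter(void) {
    struct sock_filter code[] = {
        /* 0-2: kill on a foreign ABI so compat syscall numbers cannot alias ours */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* 3-4: only getpriority is subject to the argument checks */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getpriority, 0, 5),
        /* 5-6: condition 1; on mismatch jump over everything to ALLOW */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(0)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, PRIO_PROCESS, 0, 3),
        /* 7-8: condition 2; reached only if condition 1 held */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(1)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, 1),
        /* 9: both held: deny */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        /* 10: everything else */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof code / sizeof code[0], .filter = code };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Returns 0 if the call reached the kernel and succeeded, otherwise the errno.
 * errno is cleared first because -1 is also a legitimate nice value. */
int probe_getpriority(int which, id_t who) {
    errno = 0;
    if (getpriority(which, who) == -1 && errno != 0)
        return errno;
    return 0;
}

int main(void) {
    if (install_filter() != 0) {
        perror("seccomp");
        return 1;
    }
    printf("getpriority(PRIO_PROCESS, 1): errno %d (both conditions, expect EPERM=%d)\n",
           probe_getpriority(PRIO_PROCESS, 1), EPERM);
    printf("getpriority(PRIO_PROCESS, 0): errno %d (arg1 differs, expect 0)\n",
           probe_getpriority(PRIO_PROCESS, 0));
    printf("getpriority(PRIO_PGRP, 1):    errno %d (arg0 differs, anything but EPERM)\n",
           probe_getpriority(PRIO_PGRP, 1));
    return 0;
}
```

Probing a generated filter with calls where only one of the two conditions holds is the quickest way to confirm that the BPF really requires both, which is the property the libseccomp-golang advisory says a filter "that specified multiple syscall arguments" could fail to enforce; the same probe, with the comparison constants widened to both dwords, covers the 64-bit comparison case behind the libseccomp advisory.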