Huawei EulerOS: Security Advisory for libseccomp (EulerOS-SA-2019-1956)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1369)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1256)
The remote host is missing an update for the Huawei EulerOS...
kernel: TLB flush happens too late on mremap
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
Android ashmem Read-Only Bypasses
Android: ashmem readonly bypasses via remap_file_pages and ASHMEM_UNPIN. This bug report describes two ways in which an attacker can modify the contents of a read-only ashmem fd. I'm not sure at this point what the most interesting user of ashmem is in the current Android release, but there are vario...
openSUSE: Security Advisory for libseccomp (openSUSE-SU-2019:2283-1)
The remote host is missing an update for the... Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make...
Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)
; Title: Linux/x64 - Reverse TCP Stager Shellcode 188 bytes ; Author: Lee Mazzoleni ; Tested on: Ubuntu 18.04.2 LTS ; reverse tcp stager - download and execute up to 4096 bytes of additional payload - no null bytes in this ; this code is 188 bytes total less if you delete the exit syscall at the...
Threat Analysis Unit (TAU) Threat Intelligence Notification: Skidmap
Hijacking machine resources and using them to mine for cryptocurrency continues to be an attractive and lucrative target for threat actors. As we’ve continued to see this type of attack used, we’ve also seen more platforms being targeted. Seeing cryptocurrency mining malware targeting Linux and...
MGASA-2019-0330 Updated systemd packages fix security vulnerability
Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users...
Updated systemd packages fix security vulnerability
Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users...
CVE-2011-5330
Distributed Ruby aka DRuby 1.8 mishandles the sending of syscalls...
CVE-2011-5330
Technical details about CVE-2011-5330 are not publicly available in the provided documents. The entries only state that Distributed Ruby (DRuby) 1.8 mishandles the sending of syscalls. Monitor for updates from vendors and security advisories.
SUSE-SU-2019:2941-1 Security update for libseccomp
This update for libseccomp fixes the following issues: Update to new upstream release 2.4.1: Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. Updated to 2.4.0 (bsc#1128828, CVE-2019-9893): Update the syscall table for Linux v5.0-rc5. Added support for the...
UBUNTU-CVE-2014-3180
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable...
CVE-2019-2249
Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081,...
CVE-2019-2249
CVE-2019-2249 affects Qualcomm Snapdragon kernel code and enables a memory read from an arbitrary address supplied by the user during a syscall. Documented in multiple sources (NVD, Red Hat), it lists extensive Snapdragon family coverage (e.g., IPQ8074, SD 427/435/450/625/636/665/675/712/710/670/730/...
Authorization Bypass
libseccomp is vulnerable to authorization bypass. The vulnerability exists due to the incorrect generation of syscall filters in libseccomp...
libseccomp: incorrect generation of syscall filters in libseccomp
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators LT, GT, LE, GE, which might lead to bypassing seccomp filters and potential privilege escalations...