1575 matches found
CVE-2019-2054
A flaw was found in the Linux kernel's seccomp implementation which contained a method to bypass seccomp syscall filtering policies that allowed ptrace. This could allow an attacker with code execution privileges within the sandbox to use ptrace to execute system calls that would be filtered by th...
EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1521)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a...
Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Exploit Title: Linux/x86 - Reverse Shell Shellcode 91 Bytes + Python Wrapper Exploit Author: Dave Sully Vendor Homepage: Software Link: NA Version: NA Tested on: Ubuntu 16.04 CVE : NA This is the raw assembly ; Filename: reverseshell.nasm ; Author: Dave Sully ; Website: http://suls.co.uk ; Purpos...
Privilege Escalation
kernel-rt packages are vulnerable to privilege escalation. An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system,...
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification
elf_core_dump() has a comment back from something like 2.5.43-C3 that says: /* We no longer stop all VM operations. This is because those proceses that could possibly change map_count or the mmap / vma pages are now blocked in do_exit on current finishing this core dump. Only ptrace can touch these memo...
Authorization Bypass
github.com/seccomp/libseccomp-golang is vulnerable to authorization bypass. Adding multiple rules simultaneously with a single API call results in an AND relationship that matches only if all of the arguments match. This allows an attacker to bypass intended access restrictions by specifying...
kernel: TLB flush happens too late on mremap
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
CVE-2019-3901
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve syscall with setuid execution...
libseccomp: Privilege escalation
Background A library that provides an easy to use, platform independent, interface to the Linux Kernel’s syscall filtering mechanism. Description Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no...
EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A division-by-zero in set_termios, when debugging is enabled, was found in the Linux kernel. When the io_ti driver is loaded, a loc...
openSUSE Security Update : the Linux Kernel (openSUSE-2019-974)
The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-18281: The mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the...
CVE-2019-9893
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators LT, GT, LE, GE, which might be able to lead to bypassing seccomp filters and potential privilege escalations...
DEBIAN-CVE-2019-9893
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators LT, GT, LE, GE, which might be able to lead to bypassing seccomp filters and potential privilege escalations...
ALPINE-CVE-2019-9893
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators LT, GT, LE, GE, which might be able to lead to bypassing seccomp filters and potential privilege escalations...
CVE-2019-9893
CVE-2019-9893 affects libseccomp prior to 2.4.0, where 64-bit syscall argument comparisons using arithmetic operators (LT, GT, LE, GE) could be generated incorrectly, potentially bypassing seccomp filters and enabling privilege escalation. Multiple upstream and distribution advisories (including ...
UBUNTU-CVE-2019-9893
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators LT, GT, LE, GE, which might be able to lead to bypassing seccomp filters and potential privilege escalations...