1576 matches found
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c
The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function...
glibc security, bug fix, and enhancement update
2.17-260.0.9 - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi 2.17-260.0.7 - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty 2.17-260.0.5 - Fix dbl-64/wordsize-64...
CVE-2018-18281
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
Design/Logic Flaw
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
DEBIAN-CVE-2018-18281
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
CVE-2018-18281
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
CVE-2018-18281
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
CVE-2018-18281
CVE-2018-18281 is a Linux kernel local vulnerability due to a race in mremap() where TLB flushes can occur too late, potentially allowing a process to access memory after it has been freed. The issue stems from moving page tables during mremap(), where stale TLB entries may remain until after the...
CVE-2018-18281
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
CVE-2018-18281
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
Linux systemd Symlink Dereference Via chown_one() Exploit
Linux suffers from an issue with systemd where chownone can dereference symlinks. systemd: chownone can dereference symlinks CVE-2018-15687 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at...
Linux Kernel 4.11.8 - mq_notify: double sock_put() Local Privilege Escalation
Linux Kernel 4.11.8 - mqnotify: double sockput Local Privilege Escalation / CVE-2017-11176: "mqnotify: double sockput" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target...
Linux/x86 - Egghunter + sigaction-based Shellcode (27 bytes)
/ Title: Linux/x86 - Egghunter + sigaction-based Shellcode 27 bytes Author:Valbrux This exploit is a dirty-slow but small version of the sigaction-based egg hunter shellcode global start section .text ;zeroing ecx xor ecx,ecx start: ;increment inc ecx ;sigaction syscall number push byte 67 pop ea...
EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1256)
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to...
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1260)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling...
gVisor Sentry Invalid Access Vulnerability
gVisor Sentry permits access to the renameat syscall. As the sentry is not chrooted, it permits renaming files in the host system. gVisor sentry can call renameat The seccomp sandbox of the gVisor sentry permits access to the renameat syscall:...
Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes. Shellcode exploit for LinuxMIPS platform / Title: Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes Date: 2018-08-10 Author: Antonio execve/bin/sh shellcode for MIPS64 tested on MIPS Malta - Linux debian-mips64el 4.9.0-3-5kc-malta 48 bytes gcc...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2416-1) (Foreshadow)
This update for the Linux Kernel 4.4.114-9414 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...
Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)
; Title: add root user toor:toor ; Date: 20180811 ; Author: epi ; https://epi052.gitlab.io/notes-to-self/ ; Tested on: linux/x8664 SMP CentOS-7 3.10.0-862.2.3.el7.x8664 GNU/Linux ; ; Shellcode Length: 99 bytes ; Action: Adds a user into /etc/passwd with the following information ; username: toor ...
Exploit for Race Condition in Debian Debian_Linux
This is a PoC exploit for CVE-2018-8897, a local privilege escal...