1576 matches found
DEBIAN-CVE-2017-7518
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack. A user/process inside a guest could use this flaw to...
Design/Logic Flaw
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack. A user/process inside a guest could use this flaw to...
CVE-2017-7518
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack. A user/process inside a guest could use this flaw to...
CVE-2017-7518
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack. A user/process inside a guest could use this flaw to...
Design/Logic Flaw
The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function called when /proc/$PID/timers is read. This allows userspace applications ...
CVE-2017-18344
The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function called when /proc/$PID/timers is read. This allows userspace applications ...
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)
Title: Linux/x86 - Bind 4444/TCP Shell + IPv6 Shellcode 100 bytes Length : 100bytes Author: Kartik Durg Write-up Link: https://iamroot.blog/2018/07/17/0x1-shellbindtcpipv6-linux-x86/ Tested on: Ubuntu 16.0.4.1 i686 / global start section .text start: ;References: ;1http://syscalls.kernelgrok.com/...
Ubuntu 18.04 LTS : Linux kernel regression (USN-3718-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3718-1 advisory. USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient ear...
Linux/x64 - Reverse (::1:1337/TCP) + IPv6 + Password (pwnd) Shellcode (115 bytes)
Linux/x64 - Reverse ::1:1337/TCP + IPv6 + Password pwnd Shellcode 115 bytes. Shellcode exploit for Linuxx86-64 platform / ; Title : Reverse Shell IPv6 with Password - Shellcode ; Author : Hashim Jawad @ihack4falafel ; OS : Linux kali 4.15.0-kali2-amd64 1 SMP Debian 4.15.11-1kali1 2018-03-21 x8664...
Linux/x86 - Kill Process Shellcode (20 bytes)
/ Exploit Title: Kill PID shellcode Date: 07/09/2018 Exploit Author: Nathu Nandwani Platform: Linux/x86 Size: 20 bytes Compile: gcc -fno-stack-protector -z execstack killproc.c -o killproc / include include int main unsigned short pid = 2801; char shellcode = "\x31\xc0" / xor eax, eax / "\xb0\x25...
Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3697-1)
It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2018-1130 Jann Horn discovered that the 32 bit adjtimex syscall implementation for 64 bit...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3695-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3695-1 advisory. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker...
Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3695-2)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3695-2 advisory. USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...
USN-3697-2: Linux kernel (OEM) vulnerabilities
It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2018-1130 Jann Horn discovered that the 32 bit adjtimex syscall implementation for 64 bit...
USN-3695-1: Linux kernel vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service system crash. CVE-2018-1094 It was discovered that the cdrom driver in the Linux kernel contained an...
USN-3695-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service system crash. CVE-2018-1094 It was discovered that the cdrom driver in the Linux kernel contained an...
hw: cpu: speculative execution branch target injection
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...
kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
Incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)
Linux/ARM - Egghunter 0x50905090 + execve'/bin/sh' Shellcode 60 bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Memsafe egghunter 0x50905090 + execve"/bin/sh". Null free shellcode 60 bytes Date: 2018-06-06 Tested: armv7l Raspberry Pi v3 and armv6l Raspberry Pi Zero W Author: rtmcx ...
Linux/ARM - Egghunter (0x50905090) + execve(/bin/sh) Shellcode (60 bytes)
/ Title: Linux/ARM - Memsafe egghunter 0x50905090 + execve"/bin/sh". Null free shellcode 60 bytes Date: 2018-06-06 Tested: armv7l Raspberry Pi v3 and armv6l Raspberry Pi Zero W Author: rtmcx - twitter: @rtmcx Description: The shellcode will search the memory for the "EGG" and, when found, redirec...