CBL Mariner 2.0 Security Update: kernel (CVE-2024-42311)
The version of the kernel installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42311 advisory. - In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of...
CLSA-2024-1727352561 kernel: Fix of 19 CVEs
tipc: Return non-zero value from tipc_udp_addr2str() on error CVE-2024-42284 - dev/parport: fix the array out-of-bounds risk CVE-2024-42301 - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs CVE-2024-42285 - scsi: aacraid: Fix double-free on probe failure CVE-2024-46673 - ipv6: prevent...
CVE-2022-48944
In the Linux kernel, the following vulnerability has been resolved: sched: Fix yet more sched_fork() races Where commit 4ef0c5c6b5ba "kernel/sched: Fix sched_fork() access an invalid sched_task_group" fixed a fork race vs cgroup, it opened up a race vs syscalls by not placing the task on the runqueue...
CVE-2022-48944 sched: Fix yet more sched_fork() races
In the Linux kernel, the following vulnerability has been resolved: sched: Fix yet more sched_fork() races Where commit 4ef0c5c6b5ba "kernel/sched: Fix sched_fork() access an invalid sched_task_group" fixed a fork race vs cgroup, it opened up a race vs syscalls by not placing the task on the runqueue...
CVE-2022-48944
The CVE-2022-48944 issue is a Linux kernel race in sched_fork() related to how new tasks are exposed via pidhash and runqueue handling. The description cites prior fixes that fixed a fork race vs cgroup (commit 4ef0c5c6b5ba) and a subsequent change that effectively reverted that, aiming to fix th...
CVE-2024-42318
A vulnerability was found in the Linux kernel's axi_chan_handle_err function, which caused a kernel panic due to NULL pointer dereferencing. This issue has been fixed. The update protects the vd variable to prevent such crashes. The axi_chan_block_xfer_complete function was used as a reference for this...
CVE-2024-42318
In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this almost always invokes the cred_prepare LSM hook; but in one special case when KEYCTL_SESSION_TO_PARENT updates the parent's...
CVE-2024-42318
The CVE-2024-42318 issue lies in the Linux kernel Landlock integration: when a process’s cred struct is replaced, the cred_prepare LSM hook is normally invoked, but in a specific case involving KEYCTL_SESSION_TO_PARENT the cred_transfer hook is used. Landlock only implements cred_prepare, so cred...
CVE-2024-42318 landlock: Don't lose track of restrictions on cred_transfer
In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this almost always invokes the cred_prepare LSM hook; but in one special case when KEYCTL_SESSION_TO_PARENT updates the parent's...
DEBIAN-CVE-2024-35871
In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs->gp is never used since the kernel gp is not touched by switch_to. For a...
CVE-2024-26663
CVE-2024-26663 (Linux kernel) concerns TIPC bearer handling. Connected sources confirm concrete technical details: when tipc_nl_bearer_add() is invoked with the TIPC_NLA_BEARER_UDP_OPTS attribute, the code may call tipc_udp_nl_bearer_add() even if the bearer is not UDP, leading to an invalid medi...
DEBIAN-CVE-2021-47089
In the Linux kernel, the following vulnerability has been resolved: kfence: fix memory leak when cat kfence objects Hulk robot reported a kmemleak problem: unreferenced object 0xffff93d1d8cc02e8 size 248: comm "cat", pid 23327, jiffies 4624670141 age 495992.217s hex dump first 32 bytes: 00 40 85 ...
CVE-2021-47078 RDMA/rxe: Clear all QP fields if creation failed
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxe_qp_do_cleanup() relies on valid pointer values in QP for the properly created ones, but in case rxe_qp_from_init() failed it was filled with garbage and caused the following error...
CVE-2021-47078
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxe_qp_do_cleanup() relies on valid pointer values in QP for the properly created ones, but in case rxe_qp_from_init() failed it was filled with garbage and caused the following error...
Metasploit Weekly Wrap-Up 01/26/24
Direct Syscalls Support for Windows Meterpreter Direct system calls are a well-known technique that is often used to bypass EDR/AV detection. This technique is particularly useful when dynamic analysis is performed, where the security software monitors every process on the system to detect any...