Lucene search

154 matches found

n0where
added 2017/11/14 8:21 p.m., 237 views

Unsupervised Coverage-Guided Kernel Fuzzer: syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it’s being extended to support other ...

7.1 AI score
Exploits: 0, References: 16

Tenable Nessus
added 2017/10/04 12:0 a.m., 93 views

Amazon Linux AMI : kernel (ALAS-2017-901)

A buffer overflow was discovered in tpacket_rcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a...

7.8 CVSS, 7.2 AI score, 0.00768 EPSS
Exploits: 4, References: 3

Amazon
added 2017/10/03 12:0 a.m., 42 views

Medium: kernel

Issue Overview: A buffer overflow was discovered in tpacket_rcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory...

7.8 CVSS, 7.2 AI score, 0.00768 EPSS
Exploits: 4

RedhatCVE
added 2017/09/18 9:48 a.m., 29 views

CVE-2017-14497

A buffer overflow was discovered in tpacket_rcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a...

7.8 CVSS, 3.1 AI score, 0.0007 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2017/09/15 10:18 a.m., 39 views

CVE-2017-14489

The iscsi_if_rx function in 'drivers/scsi/scsi_transport_iscsi.c' in the Linux kernel from v2.6.24-rc1 through 4.13.2 allows local users to cause a denial of service (a system panic) by making a number of certain syscalls by leveraging incorrect length validation in the kernel code...

5.5 CVSS, 4.3 AI score, 0.00273 EPSS
Exploits: 4, References: 1

Ubuntu
added 2017/08/28 9:24 p.m., 72 views

USN-3406-1: Linux kernel vulnerabilities

It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-7914) It was discovered that a NULL pointer dereferenc...

7.8 CVSS, 6.4 AI score, 0.00181 EPSS
Exploits: 0

Exploit DB
added 2017/08/19 12:0 a.m., 20 views

Linux/x86_64 - Fork Bomb Shellcode (11 bytes)

Linux/x86_64 - Fork Bomb Shellcode (11 bytes). Shellcode exploit for Linx86-64 platform / ;Title: Linux/x86_64 - fork Bomb 11 bytes ;Author: Touhid M.Shaikh ;Contact: https://twitter.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x86_64 ;Description: WARNING! this shellcode may crash your...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2017/08/09 12:0 a.m., 79 views

Oracle Linux 7 : openssh (ELSA-2017-2029)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2029 advisory. 7.4p1-11 + 0.10.3-1 - Compiler warnings 1341754 7.4p1-10 + 0.10.3-1 - Add missing messages in FIPS mode 1341754 7.4p1-9 + 0.10.3-1 - Allow harmless...

7.8 CVSS, 6.6 AI score, 0.90046 EPSS
Exploits: 23, References: 6

Oracle linux
added 2017/08/07 12:0 a.m., 131 views

openssh security, bug fix, and enhancement update

7.4p1-11 + 0.10.3-1 - Compiler warnings 1341754 7.4p1-10 + 0.10.3-1 - Add missing messages in FIPS mode 1341754 7.4p1-9 + 0.10.3-1 - Allow harmless syscalls for s390 crypto modules 1451809 7.4p1-8 + 0.10.3-1 - Fix multilib issue in documentation 1450361 7.4p1-6 + 0.10.3-1 - ControlPath too long...

7.8 CVSS, 0.1 AI score, 0.90046 EPSS
Exploits: 23

exploitpack
added 2017/07/24 12:0 a.m., 56 views

Linux Kernel - BadIRET Local Privilege Escalation

Linux Kernel - BadIRET Local Privilege Escalation CVE-2014-9322 PoC for Linux kernel CVE-2014-9322 a.k.a BadIRET proof of concept for Linux kernel. This PoC uses only syscalls not any libraries, like pthread. Threads are implemented using raw Linux syscalls. Raw Linux Threads via System Calls Usa...

7.2 CVSS, 0.6 AI score, 0.05409 EPSS
Exploits: 8

Exploit DB
added 2017/07/24 12:0 a.m., 142 views

Linux Kernel - 'BadIRET' Local Privilege Escalation

CVE-2014-9322 PoC for Linux kernel CVE-2014-9322 a.k.a BadIRET proof of concept for Linux kernel. This PoC uses only syscalls not any libraries, like pthread. Threads are implemented using raw Linux syscalls. Raw Linux Threads via System Calls Usage $ make badiret.elf is an ELF executable...

7.8 CVSS, 8.2 AI score, 0.05409 EPSS
Exploits: 8

0day.today
added 2017/06/29 12:0 a.m., 108 views

Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) -

Exploit for linux platform in category local exploits / Linux_ldso_hwcap_64.c for CVE-2017-1000366, CVE-2017-1000379 Copyright (C) 2017 Qualys, Inc. my_important_hwcaps() adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright (C) 2012-2017 Free Software Foundation, Inc. This program is free...

4.4 CVSS, 5.6 AI score, 0.06438 EPSS
Exploits: 24

Exploit DB
added 2017/04/06 12:0 a.m., 46 views

Windows 10 x64 - Egghunter Shellcode (45 bytes)

Windows 10 x64 - Egghunter Shellcode 45 bytes. Shellcode exploit for Winx86-64 platform PUBLIC Win10egghunterx64 .code Win10egghunterx64 PROC start: push 7fh pop rdi ; RDI is nonvolatile, so it will be preserved after syscalls setup: inc rdi ; parameter 1 - lpAddress - counter mov r9b,40h ;...

0.2 AI score
Exploits: 0

0day.today
added 2017/04/06 12:0 a.m., 18 views

Windows 10 x64 - Egghunter Shellcode (45 bytes)

PUBLIC Win10egghunterx64 .code Win10egghunterx64 PROC start: push 7fh pop rdi ; RDI is nonvolatile, so it will be preserved after syscalls setup: inc rdi ; parameter 1 - lpAddress - counter mov r9b,40h ; parameter 3 - flNewProtect - 0x40 PAGEEXECUTEREADWRITE pop rsi ; Stack alignment before the...

7.1 AI score
Exploits: 0

Packet Storm
added 2017/04/01 12:0 a.m., 852 views

Linux Kernel 2.6.32 Privilege Escalation

Source: http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/ proc Handling of Already Opened Files: Subvert The Stack Base Address Randomization With Suid-Binaries Problem description: Latest ubuntu lucid stock kernel 2.6.32-27-generic contains a bug that allows to keep attached to...

2.1 CVSS, 0.9 AI score, 0.00245 EPSS
Exploits: 3

Tenable Nessus
added 2017/03/27 12:0 a.m., 54 views

Virtuozzo 7 : readykernel-patch (VZA-2017-007)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other...

7.8 CVSS, 6.8 AI score, 0.00066 EPSS
Exploits: 0, References: 8

Virtuozzo
added 2017/02/21 12:0 a.m., 47 views

Kernel security update: Virtuozzo ReadyKernel patch 11.0 for kernel 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)

The cumulative Virtuozzo ReadyKernel patch updated with security fixes as well as a usability bug fix. The patch applies to Virtuozzo 7.0.3. Vulnerability id: CVE-2016-9806 A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified...

7.8 CVSS, 0.6 AI score, 0.00066 EPSS
Exploits: 0, References: 4

0day.today
added 2016/11/24 12:0 a.m., 22 views

Linux Kernel 2.6.32-rc1 x86_64 Register Leak Exploit

Linux kernel version 2.6.32-rc1 x86_64 register leak proof of concept code. / written by Ingo Molnar -- it's true because this comment says the exploit was written by him! / include include unsigned int r81; unsigned int r82; unsigned int r91; unsigned int r92; unsigned int r101; unsigned int r102...

6.9 AI score
Exploits: 0

Packet Storm
added 2016/11/23 12:0 a.m., 49 views

Linux Kernel 2.6.32-rc1 x86_64 Register Leak

/ written by Ingo Molnar -- it's true because this comment says the exploit was written by him! / include include unsigned int r81; unsigned int r82; unsigned int r91; unsigned int r92; unsigned int r101; unsigned int r102; unsigned int r111; unsigned int r112; unsigned int r121; unsigned int r12...

Exploits: 0

RedhatCVE
added 2016/11/11 12:47 p.m., 30 views

CVE-2016-8645

It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG statement in tcp_collapse function after making a number of certain syscalls leading to a possible system crash...

6.2 CVSS, 1.3 AI score, 0.00033 EPSS
Exploits: 0, References: 1