CVE-2020-25285

A flaw was found in the Linux kernels sysctl handling code for hugepages management. When multiple root level processes would write to modify the /proc/sys/vm/nrhugepages file it could create a race on internal variables leading to a system crash or memory corruption. Mitigation Mitigation for th...

Linux kernel null pointer dereference vulnerability (CNVD-2020-52031)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A null pointer dereference vulnerability exists in Linux kernel versions prior to 5.8.8. The vulnerability stems from...

DEBIAN-CVE-2020-25285

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812...

Race condition

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812...

CVE-2020-25285

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812...

UBUNTU-CVE-2020-25285

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812...

CVE-2020-25285

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812...

CVE-2020-25285

CVE-2020-25285 is a race condition in the Linux kernel hugetlb sysctl handlers (mm/hugetlb.c) that could allow a local attacker to corrupt memory or trigger NULL pointer dereferences. Public docs (e.g., ChangeLog-5.8.8) indicate the fix was released in kernel 5.8.8; Ubuntu/Debian advisories refer...

CVE-2020-10774

A flaw memory disclosure flaw was found in the Linux kernel’s sysctl subsystem in reading the /proc/sys/kernel/rhfeatures file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. Mitigation Mitigatio...

kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c

A flaw was reported in the Linux kernel's TCP subsystem while calculating a packet round trip time, when a sysctl parameter /proc/sys/net/ipv4/tcpminrttwlen is set incorrectly. This causes an integer overflow which can lead to a denial Of service DOS attack...

kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c

A flaw was found in the Linux kernel’s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A flaw in the Linux kernel's Stream Control Transmission Protocol SCTP implementation could allow a remote attacker to cause a denial of service if the sysctl "net.sctp.addipenable" and "authenable" variables were turned on they are off by default...

Linux: Number of outstanding syn requests allowed (net.ipv4.tcp_max_syn_backlog)

This script checks the number of outstanding syn requests allowed. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux: TCP timestamps

The tcptimestamps function makes the system prone to DoS attacks. This script tests whether the Linux host is configured to disable tcptimestamps. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Linux: sysctl net.ipv6.conf.all.forwarding

IP forwarding is used to determine which path a packet can be sent over multiple networks. Note: This scripts looks for SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Linux: sysctl net.ipv4.ip_forward

IP forwarding is used to determine which path a packet can be sent over multiple networks. The SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Linux: sysctl fs.suid_dumpable

Core dumps are the memory of a process when it crashes. Core dumps can grow to significant size, ending in a Denial of Service. Also, core dumps can be used to get confidential information from a core file. Note: This scripts looks for SPDX-FileCopyrightText: 2020 Greenbone AG Some text...

Linux: Read sysctl config files (KB)

sysctl.conf is a simple file containing sysctl values to be read in and set by sysctl. Files to consider: /etc/sysctl.conf, /etc/sysctl.d/. Note: This script only stores information for other Policy Controls. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from ...

Linux: Read sysctl variables (KB)

sysctl is used to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl support in Linux. You can use sysctl to both read and write sysctl data. Note: This script only stores information for other Policy Controls. Copyright ...

CVE-2019-20054

A flaw was found in the Linux kernel’s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system...