41 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Remove the USERGS_SYSRET64 paravirt call This change has been committed to the upstream repository as afd30525a659ac0ae0904f0cb4a2ca75522c3123. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV gues...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989540)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989540 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123...
SUSE CVE-2021-4440
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as ther...
UBUNTU-CVE-2021-4440
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as ther...
CVE-2021-4440
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as ther...
CVE-2021-4440 x86/xen: Drop USERGS_SYSRET64 paravirt call
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as ther...
CVE-2021-4440 x86/xen: Drop USERGS_SYSRET64 paravirt call
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as ther...
SUSE CVE-2012-0217
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microso...
Speculative Code Store Bypass (SCSB) and Floating-Point Value Injection (FPVI) Advisory - Lenovo Support US
No description provided...
FreeBSD - Intel SYSRET Privilege Escalation Exploit
Exploit for freebsd platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeBSD Intel SYSRET Privilege Escalation', 'Description' = %q This module exploits a...
FreeBSD Intel SYSRET Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeBSD Intel SYSRET Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit...
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeBSD Intel SYSRET Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit...
FreeBSD Intel SYSRET Privilege Escalation
This module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault GPF when executing a SYSRET instruction with a non-canonical address in the RCX register...
Important: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detail...
kernel: x86_64: ptrace: sysret to non-canonical address
It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially...
Important: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
Linux Kernel ptrace/sysret - Local Privilege Escalation Vulnerability
No description provided by source. / CVE-2014-4699 ptrace/sysret PoC by Vitaly Nikolenko [email protected] gcc -O2 pocv0.c This code is kernel specific. On Ubuntu 12.04.0 LTS 3.2.0-23-generic, the following will trigger the GP in sysret and overwrite the PF handler so we can land to our NOP sled...
Linux Kernel ptrace/sysret - Local Privilege Escalation Exploit
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...
Linux Kernel ptrace/sysret Local Privilege Escalation
/ CVE-2014-4699 ptrace/sysret PoC by Vitaly Nikolenko [email protected] gcc -O2 pocv0.c This code is kernel specific. On Ubuntu 12.04.0 LTS 3.2.0-23-generic, the following will trigger the GP in sysret and overwrite the PF handler so we can land to our NOP sled mapped at 0x80000000. However, onc...
Linux Kernel 3.2.0-23 (Ubuntu 12.04 x64) - ptracesysret Local Privilege Escalation
Linux Kernel 3.2.0-23 Ubuntu 12.04 x64 - ptracesysret Local Privilege Escalation / CVE-2014-4699 ptrace/sysret PoC by Vitaly Nikolenko [email protected] gcc -O2 pocv0.c This code is kernel specific. On Ubuntu 12.04.0 LTS 3.2.0-23-generic, the following will trigger the GP in sysret and overwrite...