CVE-2024-47701

An out-of-bounds access flaw was found in the Linux kernel's ext4 file system. This issue occurs when evalueoffs is changed underneath the filesystem by some change in the block device and looking up an entry in an inlined directory. This could allow a local user to crash the system or escalate...

CVE-2024-47701 ext4: avoid OOB when system.data xattr changes underneath the filesystem

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if evalueoffs is changed underneath the filesystem by some change in the block device, it will lead to...

NewStart CGSL MAIN 6.02 : trousers Multiple Vulnerabilities (NS-SA-2022-0066)

The remote NewStart CGSL host, running version MAIN 6.02, has trousers packages installed that are affected by multiple vulnerabilities: - An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root g...

Denial Of Service (DoS)

trousers is vulnerable to denial of service. The vulnerability exists when daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks which allows the tss user to create or corrupt existing files, which could possibly lead to a DoS attack...

CVE-2020-24332

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...

CVE-2020-24332

CVE-2020-24332 affects TrouSerS up to version 0.3.14. When tcsd runs with root privileges, creating the system.data file is prone to symlink attacks, allowing the tss user to create or corrupt files and potentially cause a DoS. A fix is available in trousers 0.3.15 (and advisories note the issues...

security/trousers -- several vulnerabilities

the TrouSerS project reports reports: If the tcsd daemon is started with root privileges, it fails to drop the root gid after it is no longer needed. If the tcsd daemon is started with root privileges, the tss user has read and write access to the /etc/tcsd.conf file. If the tcsd daemon is starte...

Linux Kernel 4.16.11 - ext4_read_inline_data() Memory Corruption

Linux Kernel 4.16.11 - ext4readinlinedata Memory Corruption ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in...

Linux Kernel 4.16.11 #LinuxKernel - #ext4_read_inline_data() Memory Corruption Exploit

Exploit for linux platform in category dos / poc ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in the inode...

CVE-2018-11412

The fs/ext4/inline.c:ext4readinlinedata function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or...

CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...

CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...