15 matches found
runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...
EUVD-2018-10126
Malware in sbrugna...
CVE-2024-50066
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix movenormalpmd/retractpagetables race In mremap, movepagetables looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. ...
CVE-2024-26630 mm: cachestat: fix folio read-after-free in cache walk
In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to...
K83102920: Linux kernel vulnerability CVE-2018-18397
Security Advisory Description The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file...
F5 Networks BIG-IP : Linux kernel vulnerability (K83102920)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K83102920 advisory. The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as...
RHEL 7 : kernel-alt (RHSA-2019:0831)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0831 advisory. The kernel-alt packages provide the Linux kernel version 4.x. Security Fixes: kernel: lack of check for mmap minimum address in...
RHEL 7 : kernel (RHSA-2019:0163)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0163 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Use-after-free due to race...
RHEL 7 : kernel (RHSA-2019:0202)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0202 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: userfaultfd bypasses tmpfs file...
Linux - userfaultfd Bypasses tmpfs File Permissions
Linux - userfaultfd Bypasses tmpfs File Permissions Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vmacanuserfault: It must be an anonymous VMA -vmops==NULL, a hugetlb VMA VMHUGETLB, or a shmem VMA -vmops==shmemvmops. This means that it...
Design/Logic Flaw
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file contains holes, related to...
CVE-2018-18397
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file contains holes, related to...
CVE-2018-18397
The vulnerability CVE-2018-18397 affects the Linux kernel prior to 4.19.7, where the userfaultfd implementation mishandles access control for certain UFFDIO ioctls (fs/userfaultfd.c and mm/userfaultfd.c). A local attacker with read permissions on a tmpfs file containing holes could write data int...
kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)
A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAPFSETID, the setgid bit is cleared in inodechangeok. Setting a POSIX ACL via 'setxattr' sets the file permissions as well as...
kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)
A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAPFSETID, the setgid bit is cleared in inodechangeok. Setting a POSIX ACL via 'setxattr' sets the file permissions as well as...