286 matches found
CVE-2018-18397
A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege...
CVE-2020-8831
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist this is not uncommon as /var/lock is a tmpfs, it will create the directory, otherwise it will simply continue execution using the existing...
Virtuozzo 7 : readykernel-patch (VZA-2019-006)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the implementation of userfaultfd. An attacker is able to bypass file permissions on filesystems...
container-tools:rhel8 bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fixes: podman exec rc-code needs to distinguish between stopped containers and non existing ones BZ1723470 Performance Problems with Podman on systems with IO load BZ1724522 podma...
container-tools:rhel8 bug fix update
An update is available for oci-umount, oci-systemd-hook. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The container-tools module contains tools for working wi...
ALBA-2019:1956 container-tools:rhel8 bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fixes: podman exec rc-code needs to distinguish between stopped containers and non existing ones BZ1723470 Performance Problems with Podman on systems with IO load BZ1724522 podma...
Authorization Bypass
Linux kernel is vulnerable to authorization bypass attacks. This exists in the tmpfs and hugetlbfs files. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior...
Privilege Escalation
Linux kernel is vulnerable to privilege escalation. This occurs in 'tmpfs' file system, the set group id setgid bit is not properly cleared during a setxattr call. A local user can exploit this to change permissions on a file and gain elevated privileges on the target system which allows an...
RHEL 7 : kernel-alt (RHSA-2019:0831)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0831 advisory. The kernel-alt packages provide the Linux kernel version 4.x. Security Fixes: kernel: lack of check for mmap minimum address in...
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1076)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security flaw was found in the ipfragreasm function in net/ipv4/ipfragment.c in the Linux kernel which can cause a later system crash in...
Oracle Linux 7 : kernel (ELSA-2019-0163)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0163 advisory. - fs userfaultfd: check VMMAYWRITE was set after verifying the uffd is registered Andrea Arcangeli 1640518 1640519 CVE-2018-18397 - mm userfaultfd: all...
RHEL 7 : kernel (RHSA-2019:0163)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0163 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Use-after-free due to race...
RHEL 7 : kernel (RHSA-2019:0202)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0202 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: userfaultfd bypasses tmpfs file...
Linux kernel userfaultfd tmpfs file permission bypass vulnerability
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the implementation of userfaultfd in versions of Linux kernel prior to 4.19.7, which stems from a program's failure to properly hand...
Linux - 'userfaultfd' Bypasses tmpfs File Permissions
Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vmacanuserfault: It must be an anonymous VMA -vmops==NULL, a hugetlb VMA VMHUGETLB, or a shmem VMA -vmops==shmemvmops. This means that it is, for example, possible to register userfaulfd...
Linux - userfaultfd Bypasses tmpfs File Permissions
Linux - userfaultfd Bypasses tmpfs File Permissions Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vmacanuserfault: It must be an anonymous VMA -vmops==NULL, a hugetlb VMA VMHUGETLB, or a shmem VMA -vmops==shmemvmops. This means that it...
Linux - userfaultfd Bypasses tmpfs File Permissions Exploit
Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vmacanuserfault: It must be an anonymous VMA -vmops==NULL, a hugetlb VMA VMHUGETLB, or a shmem VMA -vmops==shmemvmops. This means that it is, for example, possible to register userfaulfd...
Design/Logic Flaw
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file contains holes, related to...
CVE-2018-18397
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file contains holes, related to...
DEBIAN-CVE-2018-18397
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file contains holes, related to...