CVE-2024-26630 mm: cachestat: fix folio read-after-free in cache walk

In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to...

CVE-2024-26630

In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUGON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmemmfillatomicpte. We successfully account the blocks, we...

CVE-2021-46988 userfaultfd: release page in error path to avoid BUG_ON

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUGON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmemmfillatomicpte. We successfully account the blocks, we...

CVE-2021-46988

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUGON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmemmfillatomicpte. We successfully account the blocks, we...

Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-003)

The version of microvm-kernel installed on the remote host is prior to 4.14.246-200.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-003 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the...

K83102920: Linux kernel vulnerability CVE-2018-18397

Security Advisory Description The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file...

SUSE CVE-2006-1524

madviseremove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADVREMOVE vulnerability. NOTE: this description was originally written in a way tha...

SUSE CVE-2007-6417

The shmemgetpage function mm/shmem.c in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service crash...

SUSE CVE-2008-3534

The shmemdeleteinode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service system crash via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to...

SUSE CVE-2013-1767

Use-after-free vulnerability in the shmemremountfs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service system crash by remounting a tmpfs filesystem without specifying a required mpol aka mempolicy mount option...

SUSE CVE-2017-5551

The simplesetacl function in fs/posixacl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOT...

SUSE CVE-2018-18397

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file contains holes, related to...

SUSE CVE-2021-3732

A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible...

CVE-2021-43395

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle...

CVE-2021-43395

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle...

Ubuntu: Security Advisory (USN-103-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : aide (EulerOS-SA-2022-2018)

According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs...

EulerOS 2.0 SP3 : aide (EulerOS-SA-2022-1702)

According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of...

Huawei EulerOS: Security Advisory for aide (EulerOS-SA-2022-1442)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...