286 matches found

Cvelist
added 2018/12/12 7:0 a.m., 24 views

CVE-2018-18397

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file contains holes, related to...

AI score 6, EPSS 0.0051
Exploits: 5, References: 14

CVE
added 2018/12/12 7:0 a.m., 459 views

CVE-2018-18397

The vulnerability CVE-2018-18397 affects the Linux kernel prior to 4.19.7, where the userfaultfd implementation mishandles access control for certain UFFDIO ioctls (fs/userfaultfd.c and mm/userfaultfd.c). A local attacker with read permissions on a tmpfs file containing holes could write data int...

CVSS 5.5, AI score 5.8, EPSS 0.0051
Exploits: 5, References: 14, Affected Software: 1

Debian CVE
added 2018/12/12 7:0 a.m., 31 views

CVE-2018-18397

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file contains holes, related to...

CVSS 5.5, AI score 6.2, EPSS 0.0051
Exploits: 5

UbuntuCve
added 2018/12/12 12:0 a.m., 37 views

CVE-2018-18397

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file contains holes, related to...

CVSS 5.5, AI score 6.7, EPSS 0.0051
Exploits: 5, References: 6

Packet Storm
added 2018/12/12 12:0 a.m., 178 views

Linux userfaultfd tmpfs File Permission Bypass

Linux: userfaultfd bypasses tmpfs file permissions CVE-2018-18397 Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vma_can_userfault(): It must be an anonymous VMA (->vm_ops==NULL), a hugetlb VMA (VM_HUGETLB), or a shmem VMA (->vm_ops==shmem_vm_ops). This...

AI score 6.5, EPSS 0.0051
Exploits: 5

OSV
added 2018/12/12 12:0 a.m., 1 views

UBUNTU-CVE-2018-18397

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file contains holes, related to...

CVSS 5.5, AI score 6.6, EPSS 0.0051
Exploits: 5, References: 7

Tenable Nessus
added 2018/12/11 12:0 a.m., 33 views

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-2)

This update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) CVE-2018-15686: A vulnerability in unit_deserialize ...

CVSS 8.8, AI score 7.2, EPSS 0.02279
Exploits: 4, References: 14

Tenable Nessus
added 2018/11/19 12:0 a.m., 29 views

openSUSE Security Update : systemd (openSUSE-2018-1423)

This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in...

CVSS 8.8, AI score 7.2, EPSS 0.02279
Exploits: 4, References: 11

Tenable Nessus
added 2018/11/15 12:0 a.m., 57 views

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-1)

This update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) CVE-2018-15686: A vulnerability in unit_deserialize ...

CVSS 8.8, AI score 7.2, EPSS 0.02279
Exploits: 4, References: 14

Tenable Nessus
added 2018/02/28 12:0 a.m., 35 views

openSUSE Security Update : systemd (openSUSE-2018-216)

This update for systemd fixes the following issues : Security issue fixed : - CVE-2017-18078: tmpfiles: refuse to chown/chmod files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges (bsc#1077925) Non Security issues fixed : - core:...

CVSS 7.8, AI score 6.5, EPSS 0.01085
Exploits: 3, References: 7

RedHat Linux
added 2017/09/06 8:36 p.m., 3 views

kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)

A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok. Setting a POSIX ACL via 'setxattr' sets the file permissions as well as...

CVSS 4.4, AI score 6.8, EPSS 0.00404
Exploits: 0, References: 4

RedHat Linux
added 2017/08/01 2:22 p.m., 3 views

kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)

A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok. Setting a POSIX ACL via 'setxattr' sets the file permissions as well as...

CVSS 4.4, AI score 6.8, EPSS 0.00404
Exploits: 0, References: 4

RedHat Linux
added 2017/08/01 2:13 p.m., 4 views

kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)

A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok. Setting a POSIX ACL via 'setxattr' sets the file permissions as well as...

CVSS 4.4, AI score 6.8, EPSS 0.00404
Exploits: 0, References: 4

Tenable Nessus
added 2017/07/21 12:0 a.m., 46 views

Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3359-1)

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfilter subsyste...

CVSS 10, AI score 6.8, EPSS 0.1081
Exploits: 0, References: 12

Ubuntu
added 2017/07/20 11:32 p.m., 89 views

USN-3359-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfilter subsyste...

CVSS 10, AI score 7, EPSS 0.1081
Exploits: 0

NVD
added 2017/04/13 2:59 p.m., 15 views

CVE-2016-10117

Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc...

CVSS 7.8, AI score 7.7, EPSS 0.00394
Exploits: 0, References: 2

UbuntuCve
added 2017/04/13 2:59 p.m., 25 views

CVE-2016-10117

Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc...

CVSS 7.8, AI score 7.1, EPSS 0.00394
Exploits: 0, References: 3

OSV
added 2017/04/13 2:59 p.m., 1 views

UBUNTU-CVE-2016-10117

Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc...

CVSS 7.8, AI score 7.1, EPSS 0.00394
Exploits: 0, References: 4

Prion
added 2017/04/13 2:59 p.m., 10 views

Design/Logic Flaw

Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc...

CVSS 7.2, AI score 7, EPSS 0.00394
Exploits: 0, References: 2

Debian CVE
added 2017/04/13 2:0 p.m., 20 views

CVE-2016-10117

Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc...

CVSS 7.8, AI score 7.7, EPSS 0.00394
Exploits: 0