
297 matches found

OSV
added 2021/05/31 3:39 p.m. · 8 views

GSD-2021-1000202 userfaultfd: release page in error path to avoid BUG_ON

userfaultfd: release page in error path to avoid BUG_ON. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.5 by commit...

7.2 AI score
Exploits 0
OSV
added 2021/05/31 3:39 p.m. · 10 views

GSD-2021-1000465 userfaultfd: release page in error path to avoid BUG_ON

userfaultfd: release page in error path to avoid BUG_ON. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.233 by commit...

7.2 AI score
Exploits 0
OSV
added 2021/05/31 3:39 p.m. · 7 views

UVI-2021-1000465 userfaultfd: release page in error path to avoid BUG_ON

userfaultfd: release page in error path to avoid BUG_ON. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.233 by commit...

7.2 AI score
Exploits 0
OSV
added 2021/05/31 3:39 p.m. · 9 views

UVI-2021-1000443 userfaultfd: release page in error path to avoid BUG_ON

userfaultfd: release page in error path to avoid BUG_ON. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.191 by commit...

7.2 AI score
Exploits 0
OSV
added 2021/05/31 3:39 p.m. · 8 views

UVI-2021-1000202 userfaultfd: release page in error path to avoid BUG_ON

userfaultfd: release page in error path to avoid BUG_ON. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.5 by commit...

7.2 AI score
Exploits 0
0day.today
added 2020/05/09 12:0 a.m. · 49 views

Linux 5.6 IORING_OP_MADVISE Race Condition

Linux 5.6 has an issue with IORING_OP_MADVISE racing with coredumping. Linux 5.6: IORING_OP_MADVISE races with coredumping. Last year, I noticed that core dumping iterates over current->mm's VMA list without proper locking, under the assumption that the VMA list can not be modified externally. This...

7.4 AI score
Exploits 0
RedhatCVE
added 2020/04/04 5:15 p.m. · 33 views

CVE-2017-15128

A flaw was found in the Linux kernel where a local user with a shell account can abuse the userfaultfd syscall when using hugetlbfs. A missing size check in hugetlb_mcopy_atomic_pte could create an invalid inode variable, leading to a kernel panic...

5.5 CVSS · 0.8 AI score · 0.00419 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2020/02/17 12:0 a.m. · 1 views

The vulnerability of the userfaultfd component in Linux operating systems allows attackers to compromise the integrity of protected information.

The vulnerability of the userfaultfd component in Linux operating systems exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to compromise the integrity of protected information...

5.5 CVSS · 6.5 AI score · 0.0051 EPSS
Exploits 5 · References 35 · Affected Software 11
Tenable Nessus
added 2020/02/04 12:0 a.m. · 66 views

Virtuozzo 7 : readykernel-patch (VZA-2019-006)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability: - A flaw was found in the implementation of userfaultfd. An attacker is able to bypass file permissions on filesystems...

5.5 CVSS · 6.5 AI score · 0.0051 EPSS
Exploits 5 · References 11
0day.today
added 2019/12/17 12:0 a.m. · 229 views

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds. Since commit 0fa03c624d8f "io_uring: add support for sendmsg", first in v5.3, io_uring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORING_OP_SENDMSG...

7.8 CVSS · 1 AI score · 0.01087 EPSS
Exploits 2
exploitpack
added 2019/12/16 12:0 a.m. · 27 views

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds. Since commit 0fa03c624d8f "io_uring: add support for sendmsg", first in v5.3, io_uring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORING_OP_SENDMSG...

0.6 AI score
Exploits 0
Packet Storm
added 2019/12/16 12:0 a.m. · 196 views

Linux sendmsg() Privilege Escalation

Linux: privilege escalation via io_uring offload of sendmsg onto kernel thread with kernel creds. Since commit 0fa03c624d8f "io_uring: add support for sendmsg", first in v5.3, io_uring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORING_OP_SENDMSG submission...

0.6 AI score · 0.01087 EPSS
Exploits 2
Veracode
added 2019/05/16 2:50 a.m. · 29 views

Arbitrary Code Execution

Linux kernel is vulnerable to arbitrary code execution attacks. This issue is related to the handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly could create a fork event that will be removed from an already freed list of events...

8.1 CVSS · 8.6 AI score · 0.04102 EPSS
Exploits 0 · References 25 · Affected Software 2
exploitpack
added 2019/04/30 12:0 a.m. · 29 views

Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification. elf_core_dump() has a comment back from something like 2.5.43-C3 that says: / We no longer stop all VM operations. This is because those proceses that could possibly change map_count or the mmap / vma pages are now...

0.3 AI score
Exploits 0
0day.today
added 2019/04/30 12:0 a.m. · 173 views

Linux Missing Lockdown Exploit

Linux suffers from a missing locking between ELF coredump code and userfaultfd VMA modification. Linux: missing locking between ELF coredump code and userfaultfd VMA modification. Related CVE Numbers: CVE-2019-11599. elf_core_dump() has a comment back from something like 2.5.43-C3 that says: / We no...

7 CVSS · 7.9 AI score · 0.00989 EPSS
Exploits 3
Exploit DB
added 2019/04/30 12:0 a.m. · 86 views

Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

elf_core_dump() has a comment back from something like 2.5.43-C3 that says: / We no longer stop all VM operations. This is because those proceses that could possibly change map_count or the mmap / vma pages are now blocked in do_exit on current finishing this core dump. Only ptrace can touch these memo...

7.4 AI score
Exploits 0
Prion
added 2019/04/29 6:29 p.m. · 24 views

Race condition

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by...

6.9 CVSS · 7.4 AI score · 0.00989 EPSS
Exploits 3 · References 39 · Affected Software 1
Positive Technologies
added 2019/04/19 12:0 a.m. · 11 views

PT-2019-2821 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.0.10. Description: The issue is caused by errors in synchronization when using a shared resource in the Linux kernel's coredump implementation. This allows local users to obtain sensitive information, cause a...

10 CVSS · 7.8 AI score · 0.98745 EPSS
Exploits 176 · References 1876
Mageia
added 2019/02/20 11:50 p.m. · 63 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors (STIBP) support. Note that STIBP also requires the functionality be supported by the...

8.8 CVSS · 0.16523 EPSS
Exploits 10 · References 23
Tenable Nessus
added 2019/02/13 12:0 a.m. · 121 views

RHEL 7 : kernel (RHSA-2019:0324)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0324 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: userfaultfd bypasses tmpfs file...

5.5 CVSS · 6.5 AI score · 0.0051 EPSS
Exploits 5 · References 5