102 matches found
SUSE CVE-2024-50133
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stacktop for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stacktop, it will derefence the NULL vdso pointer and crash. This can...
CVE-2024-50133
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stacktop for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stacktop, it will derefence the NULL vdso pointer and crash. This can...
DEBIAN-CVE-2024-50133
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stacktop for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stacktop, it will derefence the NULL vdso pointer and crash. This can...
UBUNTU-CVE-2024-50133
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stacktop for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stacktop, it will derefence the NULL vdso pointer and crash. This can...
CVE-2024-50133 LoongArch: Don't crash in stack_top() for tasks without vDSO
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stacktop for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stacktop, it will derefence the NULL vdso pointer and crash. This can...
CVE-2024-50133 LoongArch: Don't crash in stack_top() for tasks without vDSO
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stacktop for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stacktop, it will derefence the NULL vdso pointer and crash. This can...
SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2024:2929-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2929-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
glibc security update
2.28-225.0.4.6 - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaihinet RHEL-2435. - CVE-2023-4813: work around RHEL-8 limitation in test RHEL-2435. Reviewed by: Jose E...
Exploit for Race Condition in Canonical Ubuntu_Linux
This repository is a proof-of-concept PoC for the Dirty COW CVE-2016-5195 vulnerability. The PoC relies on ptrace to patch the vDSO Virtual Dynamic Shared Object instead of modifying filesystem binaries. This approach has several advantages, including no setuid binary required, SELinux bypass,...
CVE-2023-23586
creationtimestamp| type| source ---|---|--- 2023-02-17 16:13:07+00:00| published-proof-of-concept| https://t.me/cibsecurity/58430 2024-12-10 23:00:00+00:00| seen| https://u1f383.github.io/linux/2024/12/11/linux-vdso-and-vvar.html 2024-12-20 18:02:36+00:00| published-proof-of-concept|...
SUSE CVE-2014-9585
The vdsoaddr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD...
GSD-2022-1006910 riscv: vdso: fix NULL deference in vdso_join_timens() when vfork
riscv: vdso: fix NULL deference in vdsojointimens when vfork This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
PT-2022-35165 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to a NULL deference in the vdso join timens function when vfork is used. This problem was introduced in version v5.19 and is fixed in Linux Kernel version v6.0.3. The...
Unbreakable Enterprise kernel security update
5.4.17-2136.311.6 - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' Sherry Yang Orabug: 34535896 5.4.17-2136.311.5 - netfilter: nftables: do not allow RULEID to refer to another chain Thadeu Lima de Souza Cascardo Orabug: 34495567 CVE-2022-2586 - netfilter: nftable...
Exploit for Race Condition in Canonical Ubuntu_Linux
This repository is an exploit module for the Dirty COW CVE-2016-5195 vulnerability. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The payload is written in assembly and is executed whenever a process makes a call to clockgettime. If the...
Exploit for Race Condition in Canonical Ubuntu_Linux
PoC exploit for CVE-2016-5195 Dirty COW. The target product/service is Linux, specifically the vDSO Virtual Dynamic Shared Object component. The vulnerability class/vector is a privilege escalation vulnerability, allowing an unprivileged user to gain root privileges. The probable entry point is t...
kernel_exploit_series
This is a collection of files related to a vulnerable driver, specifically targeting the Linux kernel. The files are part of a repository called "povcfe/kernelexploitseries". The files include: 1. 1-heapsprayUAF/easyuaf.c: This file appears to be a simple example of a heap spray vulnerability,...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC Proof of Concept exploit for CVE-2016-5195, also known as Dirty COW. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The exploit is architecture-dependent and may not work on every Linux version. The payload is written in assemb...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists due to missing boundary checks in the Virtual Dynamic Shared Objects vDSO implementation. This could allow a local unprivileged user to cause a denial of service or escalate privileges...
kernel_exploit_series
This repository is an exploit series for learning how to exploit kernel vulnerabilities, specifically targeting the Linux kernel. The repository contains various exploit modules and tools, including: 1. 1-heapsprayUAF: This directory contains exploit code for a use-after-free UAF vulnerability in...