112 matches found
CVE-2022-2959
A race condition was found in the Linux kernel's watch queue due to a missing lock in piperesizering. The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the...
Linux Kernel Watch Queue Race Condition Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of pipe...
CVE-2022-2959
A race condition was found in the Linux kernel's watch queue due to a missing lock in the piperesizering. The race condition occurs when a thread uses ioctlIOCWATCHQUEUESETSIZE to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl to trigger a notification in th...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a security vulnerability that stems from a lack of locks in its watch queue's piperesizering causing a contention condition. The flaw allows a loc...
GSD-2022-1002026 watch_queue: Free the page array when watch_queue is dismantled
watchqueue: Free the page array when watchqueue is dismantled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...
Metasploit Weekly Wrap-Up
ManageEngine ADSelfService Plus Authenticated RCE This module is pretty exciting for us because it's for a vulnerability discovered by our very own Rapid7 researchers Jake Baines, Hernan Diaz, Andrew Iwamaye, and Dan Kelly. The vulnerability allowed for attackers to leverage the "custom script"...
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state potentially allowing a local user to gain privileged access or cause a denial of service on the system.
...
CVE-2022-0995
An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...
DEBIAN-CVE-2022-0995
An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...
UBUNTU-CVE-2022-0995
An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...
Linux kernel 缓冲区错误漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an elevation of privilege vulnerability, which stems from watchqueue triggering a memory corruption in the Linux kernel that could be exploited by an attacker to gain elevat...
PT-2022-2006
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17-rc8 Description An out-of-bounds OOB memory write flaw exists in the watch queue event notification subsystem. This issue allows the overwriting of parts of the kernel state, which could enable a local user ...