18 matches found
CVE-2016-5195
CVE-2016-5195 (Dirty COW) : A race condition in the Linux kernel’s memory management (mm/gup.c) allows a local user to gain write access to read‑only mappings via a faulty copy‑on‑write handling. Affected: kernel 2.x–4.x prior to 4.8.3. Exploitation was observed in the wild around Oct 2016. Impac...
CVE-2019-1559
OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...
CVE-2018-20836
CVE-2018-20836 : A race condition in the Linux kernel before 4.20, specifically in drivers/scsi/libsas/sas_expander.c (smp_task_timedout() vs smp_task_done()), can lead to a use-after-free. Affected: Linux kernel versions prior to 4.20. Impact is described as high by CVSS. The provided documents ...
CVE-2018-20669
CVE-2018-20669 affects the Linux kernel i915_gem_execbuffer2_ioctl path (drivers/gpu/drm/i915/i915_gem_execbuffer.c) up to kernel 4.19.13. A local attacker can craft an IOCTL call that fails address checks (address provided to access_ok() is not checked), enabling overwriting arbitrary kernel mem...
CVE-2018-14634
CVE-2018-14634 is a Linux kernel integer overflow vulnerability in create_elf_tables(). An unprivileged local user with access to a SUID (or otherwise privileged) binary could escalate privileges. Documented vulnerable kernel families include 2.6.x, 3.10.x, and 4.14.x. Mitigations/recognitions ex...
CVE-2019-3900
CVE-2019-3900 is an upstream Linux kernel vulnerability in the vhost_net module causing an infinite loop while handling incoming packets in handle_rx(), which can allow a guest user to stall the vhost_net kernel thread and trigger a DoS. The issue is present in Linux kernel releases up to and inc...
CVE-2019-11815
The CVE-2019-11815 issue affects Linux kernels with net/rds/tcp.c: rds_tcp_kill_sock contains a race that can cause a use-after-free during net namespace cleanup (pre-5.0.8). A fix was committed and released in 5.0.8; upgrading to 5.0.8+ (or applying the patch) is the advised remediation. The Uni...
CVE-2019-3882
CVE-2019-3882 affects the Linux kernel vfio interface: a local user owning a vfio device could abuse DMA mappings to memory and exhaust system memory, enabling a denial of service. Publicly available connected documents confirm the vulnerability and its DoS impact; Debian and other advisories inc...
CVE-2019-11486
The CVE-2019-11486 entry describes multiple race conditions in the Siemens R3964 line discipline driver (drivers/tty/n_r3964.c) of the Linux kernel, affecting versions before 5.0.8. This yields local exploitation potential with full confidentiality, integrity, and availability impact. A fix is av...
CVE-2019-3874
CVE-2019-3874 concerns the SCTP socket buffer not being accounted by the cgroups subsystem, enabling a denial-of-service against affected systems. The vulnerability is described in Unity Linux advisories referencing kernel SCTP handling and states that “Kernel 3.10.x and 4.18.x branches are belie...
CVE-2019-9003
CVE-2019-9003 affects the Linux kernel prior to 4.20.5. The issue is a use-after-free in drivers/char/ipmi/ipmi_msghandler.c that can trigger an oops under certain concurrent execution, demonstrated by a service ipmievd restart loop. Impact is availability disruption (HIGH) with no confidentialit...
CVE-2019-3901
CVE-2019-3901 describes a race condition in perf_event_open() that can leak data from setuid processes. The root cause is that cred_guard_mutex is not held during the ptrace_may_access() check, allowing a target task to execve() with setuid execution before perf_event_alloc() attaches, bypassing ...
CVE-2019-9162
CVE-2019-9162 concerns the Linux kernel prior to 4.20.12, where the SNMP NAT module's net/ipv4/netfilter/nf_nat_snmp_basic_main.c contains insufficient ASN.1 length checks. This can trigger an out-of-bounds read/write (array index) leading to a kernel oops or local privilege escalation, specifica...
CVE-2019-3844
Summary (CVE-2019-3844): Affected component is systemd with DynamicUser; a local attacker can create SUID/SGID binaries and gain access to resources owned by a potentially different service after the transient UID/GID is recycled. This is a local privilege escalation vulnerability. Remediation fo...
CVE-2019-3843
CVE-2019-3843 concerns systemd's DynamicUser feature, where a service can create a SUID/SGID binary and retain it under a transient UID/GID after termination. The result is a local attacker potentially accessing resources owned by a different service in the future when UID/GID are recycled, as de...
CVE-2019-10125
CVE-2019-10125 affects the Linux kernel (up to v5.0.4) where aio_poll() in fs/aio.c may release a file by aio_poll_wake() after vfs_poll() returns, causing a use-after-free. Connected advisories (Unity Linux UTSA entries) reproduce the vulnerable description and map the issue to kernel code path ...
CVE-2015-8960
The CVE-2015-8960 entry concerns TLS protocol versions 1.2 and earlier. The root cause is that certain ClientCertificateType values (rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, ecdsa_fixed_ecdh) are supported but the protocol does not document the ability to compute the master secret in scenarios...
CVE-2018-20839
The CVE-2018-20839 entry concerns systemd 242, where a mishandled KDGKBMODE (current keyboard mode) check causes VT1 mode changes on logout. This can allow an attacker with physical access (watching shutdown or switching TTYs via Ctrl-Alt-F1/F2) to read cleartext passwords in certain scenarios. T...