LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Kernel Vulns (https://www.linuxquestions.org/questions/linux-security-4/kernel-vulns-399624/)

win32sux 03-04-2011 09:34 PM

Linux Kernel epoll Denial of Service Vulnerability
 
Quote:

A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the epoll implementation, which can be exploited to cause a high CPU consumption via nested epoll structures.

The vulnerability is confirmed in version 2.6.37. Other versions may also be affected.
Secunia Advisory

win32sux 03-04-2011 09:35 PM

Linux Kernel DNS Resolver Key NULL Pointer Dereference Vulnerability
 
Quote:

A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference error when reading a DNS resolver key instantiated with an error indication, which can be exploited to crash the kernel.

The vulnerability is confirmed in version 2.6.37. Other versions may also be affected.
Secunia Advisory

win32sux 03-14-2011 07:02 PM

Linux Kernel InfiniBand Request Handling Denial of Service
 
Quote:

A weakness has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to a race condition within the InfiniBand request handling, which can be exploited to cause a kernel crash.
Secunia Advisory

win32sux 03-14-2011 07:06 PM

Linux Kernel "ldm_frag_add()" Buffer Overflow Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people with physical access to potentially compromise a vulnerable system.

The vulnerability is caused due to an error within the "ldm_frag_add()" function in fs/partitions/ldm.c, which can be exploited to cause a buffer overflow by e.g. plugging in a USB drive with a specially crafted LDM partition.
Secunia Advisory

win32sux 03-14-2011 07:09 PM

Linux Kernel TPM Information Disclosure Weakness
 
Quote:

Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.

The weaknesses are caused due to the "tpm_open()", "tpm_transmit()", "tpm_write()", and "tpm_read()" functions in drivers/char/tpm/tpm.c not properly clearing certain memory, which can be exploited to disclose potentially sensitive information.
Secunia Advisory

win32sux 03-22-2011 10:11 AM

Linux Kernel Memory Leak Weaknesses
 
Quote:

Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose system information.

1) The "do_replace()", "compat_do_replace()", and "do_arpt_get_ctl()" functions in net/ipv4/netfilter/arp_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory.

2) The "do_replace()", "compat_do_replace()", and "do_ipt_get_ctl()" functions in net/ipv4/netfilter/ip_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory.

3) The "do_replace()", "compat_do_replace()", and "do_ip6t_get_ctl()" functions in net/ipv6/netfilter/ip6_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory.

Successful exploitation of these weaknesses requires "CAP_NET_ADMIN" capabilities.
Secunia Advisory

win32sux 03-25-2011 09:51 AM

Linux Kernel ROSE Multiple Vulnerabilities
 
Quote:

Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system.

The vulnerabilities are caused due to various errors within the implementation of the ROSE protocol and can be exploited to e.g. cause memory corruptions via specially crafted FAC_CCITT_DEST_NSAP or FAC_CCITT_SRC_NSAP fields.
Secunia Advisory

win32sux 03-25-2011 09:55 AM

Linux Kernel "iriap_getvaluebyclass_indication()" Buffer Overflows
 
Quote:

Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors within the "iriap_getvaluebyclass_indication()" function in net/irda/iriap.c, which can be exploited to cause stack-based buffer overflows via overly long names or attributes.
Secunia Advisory

win32sux 04-01-2011 02:47 AM

Linux Kernel OCFS2 Sparse Writes Information Disclosure Weakness
 
Quote:

A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.

The weakness is caused due to an error within the OCFS2 file system when handling sparse writes with holes spanning across page boundaries, which can be exploited to e.g. disclose the content of previously manipulated files via sparse writes.
Secunia Advisory

win32sux 04-11-2011 08:18 PM

Linux Kernel "inotify_init1()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a double-free error within the implementation of the "inotify_init1()" system call, which can be exploited to e.g. cause a kernel crash.
Secunia Advisory

win32sux 04-12-2011 09:54 AM

Linux Kernel "mremap()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of expanding "mremap()" calls, which can be exploited to cause a "BUG_ON()".
Secunia Advisory

win32sux 04-21-2011 10:47 PM

Linux Kernel "next_pidmap()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "next_pidmap()" function in kernel/pid.c, which can be exploited to cause a kernel crash by e.g. initiating a specially crafted "getdents()" system call.
Secunia Advisory

win32sux 04-21-2011 10:51 PM

Linux Kernel "bcm_release()" NULL Pointer Dereference Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference error within the "bcm_release()" function in net/can/bcm.c, which can be exploited to e.g. cause a kernel crash.
Secunia Advisory

win32sux 04-23-2011 01:20 AM

Linux Kernel Denial of Service and Privilege Escalation Vulnerabilities
 
Quote:

Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

1) Integer overflow errors within the "agp_generic_insert_memory()" and "agp_generic_remove_memory()" functions in drivers/char/agp/generic.c can be exploited to cause a buffer overflow via e.g. specially crafted AGPIOC_BIND and AGPIOC_UNBIND IOCTLs.

2) The implementation of the AGPIOC_RESERVE and AGPIOC_ALLOCATE IOCTLs does not properly handle and track memory allocations, which can be exploited to cause an OOM (Out Of Memory) situation.

Successful exploitation requires access to the "/dev/agpgart" device (usually group "video").
Secunia Advisory

win32sux 05-11-2011 10:27 AM

Linux Kernel Bluetooth Memory Leak Weaknesses
 
Quote:

Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose certain system information.

1) The "l2cap_sock_getsockopt_old()" function in net/bluetooth/l2cap_sock.c does not properly initialise a structure before copying it to userspace, which can be exploited to disclose kernel stack memory.

2) The "rfcomm_sock_getsockopt_old()" function in net/bluetooth/rfcomm/sock.c does not properly initialise a structure before copying it to userspace, which can be exploited to disclose kernel stack memory.
Secunia Advisory
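
As an added example (not from the advisories above and not the kernel's own code) of the bug class in this post and in the TPM and netfilter posts earlier in the thread: a handler builds a structure on the kernel stack, assigns only some of its members, and copies the whole object to userspace, so the padding, the unset members and the unfilled tail of a string member carry out whatever the stack held before. The structure, its field names and the stale-stack marker are assumptions made for the illustration; the earlier stack contents are simulated with a fixed marker byte so the leak count is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical getsockopt() reply structure (not a real kernel struct).
 * The layout has ABI padding after `flags`, two members the handler never
 * sets, and a name array the handler only partially fills. */
struct opt_reply {
    uint8_t  flags;      /* 3 bytes of padding follow on x86-64 and arm64 */
    uint32_t mtu;
    uint16_t mode;       /* never written by the handler */
    uint16_t reserved;   /* never written by the handler */
    char     name[8];    /* handler copies a 5-byte name, leaving 3 bytes */
};

#define STALE 0xA5  /* marker standing in for earlier stack contents */

/* Count the marker bytes that reached the user buffer. */
static size_t count_stale(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == STALE)
            n++;
    return n;
}

/* Vulnerable pattern: the structure is declared on the stack, only some
 * members are assigned, and the whole object is copied to userspace.
 * Whatever the stack held before (simulated by the STALE fill) leaves the
 * kernel through the padding, the unset members and the name tail.
 * Returns the number of stale bytes the caller received. */
size_t getsockopt_vulnerable(unsigned char *user_out)
{
    struct opt_reply r;
    memset(&r, STALE, sizeof r);    /* simulate previous stack contents */
    r.flags = 1;
    r.mtu   = 672;
    memcpy(r.name, "l2cap", 5);     /* no NUL padding of the remaining bytes */
    memcpy(user_out, &r, sizeof r); /* stands in for copy_to_user() */
    return count_stale(user_out, sizeof r);
}

/* Hardened pattern: clear the entire object, padding included, before
 * filling it, and NUL-pad string members so every byte is defined. */
size_t getsockopt_fixed(unsigned char *user_out)
{
    struct opt_reply r;
    memset(&r, STALE, sizeof r);    /* same simulated stale stack */
    memset(&r, 0, sizeof r);        /* the fix: zero everything first */
    r.flags = 1;
    r.mtu   = 672;
    strncpy(r.name, "l2cap", sizeof r.name - 1); /* pads the tail with NULs */
    memcpy(user_out, &r, sizeof r);
    return count_stale(user_out, sizeof r);
}

int main(void)
{
    unsigned char out[sizeof(struct opt_reply)];
    printf("vulnerable: %zu stale bytes copied to userspace\n",
           getsockopt_vulnerable(out));
    printf("fixed:      %zu stale bytes copied to userspace\n",
           getsockopt_fixed(out));
    return 0;
}
```

The vulnerable variant leaks at least the seven bytes of `mode`, `reserved` and the tail of `name` on any ABI, and ten on x86-64 where the padding after `flags` is three bytes. A `= {0}` initialiser is not a substitute for the memset: C only promises that named members are zeroed, not the padding, which is why clearing the object with memset before the copy-out is the usual remedy.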

win32sux 05-21-2011 09:06 AM

Linux Kernel "ip_expire()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "ip_expire()" function in net/ipv4/ip_fragment.c, which can be exploited to cause a crash by e.g. sending fragmented packets to the system.
Secunia Advisory

win32sux 06-01-2011 12:12 AM

Linux Kernel "key_replace_session_keyring()" NULL Pointer Dereference Denial of Service
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "key_replace_session_keyring()" function in security/keys/process_keys.c, which can be exploited to cause a NULL pointer dereference and e.g. crash the kernel.

The vulnerability is reported in version 2.6.39. Other versions may also be affected.
Secunia Advisory

win32sux 06-03-2011 10:33 PM

Linux Kernel KSM Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition within the "scan_get_next_rmap_item()" function in mm/ksm.c and can be exploited to cause a kernel crash.

The vulnerability is reported in version 2.6.39. Other versions may also be affected.
Secunia Advisory

win32sux 06-21-2011 10:14 AM

Linux Kernel Transparent Hugepage Support Denial of Service Weakness
 
Quote:

A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The weakness is caused due to an error within the Transparent Hugepage (THP) support in mm/huge_memory.c when MADV_HUGEPAGE regions are configured and can be exploited to cause a kernel panic.

The weakness is reported in version 2.6.39.1. Other versions may also be affected.
Secunia Advisory

win32sux 07-14-2011 10:24 PM

Linux Kernel GFS2 "gfs2_fallocate()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to the "gfs2_fallocate()" function in fs/gfs2/file.c not properly ensuring that allocated bytes are aligned, which can be exploited to cause a "BUG()".
Secunia Advisory

win32sux 07-27-2011 11:14 PM

Linux Kernel Xtensa "ptrace_setxregs()" Memory Disclosure Weakness
 
Quote:

A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.

The weakness is caused due to the "ptrace_setxregs()" function in arch/xtensa/kernel/ptrace.c not properly verifying the provided pointers, which can be exploited to disclose kernel memory.

NOTE: This only affects the Xtensa architecture.
Secunia Advisory

win32sux 07-29-2011 09:43 AM

Linux Kernel GRO "skb_gro_header_slow()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "skb_gro_header_slow()" function (include/linux/netdevice.h), which can be exploited to cause a crash.

Successful exploitation requires that GRO (Generic Receive Offload) is used.
Secunia Advisory

win32sux 08-12-2011 11:02 PM

Linux Kernel "perf" Privilege Escalation Weakness
 
Quote:

A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

The weakness is caused due to the perf utility loading the configuration file from the current directory, which can be exploited to e.g. gain escalated privileges by tricking a user into running the perf utility in a directory containing a malicious configuration file.
Secunia Advisory

win32sux 08-17-2011 12:41 AM

Linux Kernel Event Overflows Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of software event overflows, which can be exploited to cause a crash via a specially crafted application.
Secunia Advisory

win32sux 08-25-2011 08:52 AM

Linux Kernel "CIFSFindNext()" Signedness Error Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a signedness error within the "CIFSFindNext()" function (fs/cifs/cifssmb.c), which can be exploited to e.g. crash a client by sending specially crafted CIFS messages.

Successful exploitation requires that a malicious server is used.
Secunia Advisory

win32sux 09-20-2011 02:02 AM

Linux Kernel CIFS DFS Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when mounting CIFS shares with certain DFS referrals, which can be exploited to trigger a "BUG_ON()" in a client by tricking the victim into mounting from a malicious server.
Secunia Advisory

win32sux 10-18-2011 02:04 AM

Linux Kernel "apparmor_setprocattr()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "apparmor_setprocattr()" function (security/apparmor/lsm.c), which can be exploited to trigger a "BUG_ON()" if a process writes malformed data to its "/attr/current" proc file.
Secunia Advisory

win32sux 10-25-2011 02:24 AM

Linux Kernel ext4 Extent Splitting Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

An error within the implementation of the ext4 file system when splitting extents can be exploited to cause a "BUG_ON()".

The vulnerability is reported in version 2.6.39.4. Other versions may also be affected.
Secunia Advisory

win32sux 10-27-2011 01:07 AM

Linux Kernel ghash NULL Pointer Dereference Vulnerability
 
Quote:

A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference error within the implementation of the GHASH algorithm, which can be exploited to e.g. cause a crash via a specially crafted application.

The vulnerability is confirmed in version 2.6.39.4. Other versions may also be affected.
Secunia Advisory

win32sux 10-27-2011 01:12 AM

Linux Kernel XFS "xfs_readlink()" Buffer Overflow Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

The vulnerability is caused due to a boundary error within the "xfs_readlink()" function (fs/xfs/xfs_vnodeops.c) and can be exploited to cause a buffer overflow via a specially crafted XFS image.
Secunia Advisory

win32sux 11-15-2011 02:38 AM

Linux Kernel "journal_get_superblock()" Denial of Service Vulnerabilities
 
Quote:

Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerabilities are caused due to an error within the "journal_get_superblock()" functions (fs/jbd/journal.c and fs/jbd2/journal.c) and can be exploited to trigger a "BUG_ON()" by e.g. mounting specially crafted ext3 images.
Secunia Advisory

win32sux 11-15-2011 02:40 AM

Linux Kernel NFSv4 Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling certain NFSv4 responses to ACL attribute requests, which can be exploited to e.g. cause a crash by connecting to a malicious NFSv4 server.
Secunia Advisory

win32sux 12-14-2011 12:00 AM

Linux Kernel B.A.T.M.A.N. "bat_socket_read()" Buffer Overflow Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "bat_socket_read()" function (net/batman/icmp_socket.c), which can be exploited to cause a userspace buffer overflow by sending specially crafted packets to a vulnerable system.

The vulnerability is reported in version 2.6.39.4. Other versions may also be affected.
Secunia Advisory

win32sux 12-25-2011 12:38 AM

Linux Kernel KVM PIT Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "create_pit_timer()" function (arch/x86/kvm/i8254.c) when configuring a Programmable Interrupt Timer (PIT) and can be exploited to cause a NULL pointer dereference resulting in the crash of a host.
Secunia Advisory

win32sux 12-25-2011 12:42 AM

Linux Kernel "SG_IO" SCSI IOCTL Privilege Escalation Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.

The vulnerability is caused due to SG_IO SCSI IOCTL commands being passed down to the block device without properly honoring access restrictions to e.g. single partitions or LVM volumes. This can e.g. be exploited by a privileged guest user in certain virtualisation setups to read from or write to the host's block device.
Secunia Advisory

win32sux 01-08-2012 04:16 AM

Linux Kernel KVM KVM_ASSIGN_PCI_DEVICE IOCTL Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to KVM not properly restricting the KVM_ASSIGN_PCI_DEVICE IOCTL, which can be exploited to stop PCI devices from working by sending specially crafted IOCTLs.
Secunia Advisory

win32sux 01-11-2012 10:41 PM

Linux Kernel "igmp_heard_query()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "igmp_heard_query()" function (net/ipv4/igmp.c) and can be exploited to cause a kernel crash via specially crafted IGMP queries.
Secunia Advisory

win32sux 01-11-2012 10:46 PM

Linux Kernel "xfs_acl_from_disk()" Integer Overflow Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an integer overflow within the "xfs_acl_from_disk()" function (fs/xfs/xfs_acl.c) and can be exploited to corrupt kernel memory.

Successful exploitation requires physical access to systems that automatically mount inserted media devices or that a user is tricked into mounting a malicious filesystem (e.g. USB drives).
Secunia Advisory

win32sux 01-11-2012 10:52 PM

Linux Kernel DRM "drm_mode_dirtyfb_ioctl()" Integer Overflow Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

The vulnerability is caused due to an integer overflow error within the "drm_mode_dirtyfb_ioctl()" function (drivers/gpu/drm/drm_crtc.c) and can be exploited to cause a memory corruption by sending specially crafted IOCTLs.
Secunia Advisory
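
An added example, not the XFS or DRM code, of the integer-overflow class in this post and in the "xfs_acl_from_disk()" post above: a parser reads an entry count from untrusted input (a crafted filesystem image or an IOCTL argument), multiplies it by the entry size in 32-bit arithmetic to get an allocation size, and the product wraps to a few bytes while the loop that follows in real code still processes the full count. The on-disk layout, the 25-entry maximum and the function names are assumptions made for the illustration, and the sample images are constructed in the program.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical on-disk ACL layout (not XFS's): a little-endian u32 entry
 * count followed by that many 12-byte entries. */
struct acl_entry {
    uint32_t tag;
    uint32_t id;
    uint32_t perm;
};
#define ACL_HDR_LEN     4u
#define ACL_MAX_ENTRIES 25u   /* hypothetical format maximum */

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Build a constructed image: a header carrying `count`, then zero-filled
 * entry space up to buf_len. Returns the number of bytes written. */
size_t build_acl_image(uint8_t *buf, size_t buf_len, uint32_t count)
{
    if (buf_len < ACL_HDR_LEN)
        return 0;
    memset(buf, 0, buf_len);
    buf[0] = (uint8_t)count;
    buf[1] = (uint8_t)(count >> 8);
    buf[2] = (uint8_t)(count >> 16);
    buf[3] = (uint8_t)(count >> 24);
    return buf_len;
}

/* Vulnerable: trusts the on-disk count and multiplies in 32 bits. The
 * return value is what the parser would hand to kmalloc(); a count near
 * 2^32 / 12 wraps it to a few bytes, and the copy loop that follows in
 * real code still iterates `count` times, writing past the allocation. */
uint32_t acl_alloc_size_vulnerable(const uint8_t *img, size_t img_len)
{
    if (img_len < ACL_HDR_LEN)
        return 0;
    uint32_t count = get_le32(img);
    return count * (uint32_t)sizeof(struct acl_entry);   /* may wrap */
}

/* Hardened: reject counts above the format maximum before any arithmetic,
 * then check the image really contains that many entries.
 * Returns the allocation size, or 0 for a rejected image. */
size_t acl_alloc_size_fixed(const uint8_t *img, size_t img_len)
{
    if (img_len < ACL_HDR_LEN)
        return 0;
    uint32_t count = get_le32(img);
    if (count == 0 || count > ACL_MAX_ENTRIES)
        return 0;
    size_t need = (size_t)count * sizeof(struct acl_entry); /* bounded, cannot wrap */
    if (img_len - ACL_HDR_LEN < need)
        return 0;   /* truncated image: the entries are not really there */
    return need;
}

int main(void)
{
    uint8_t img[ACL_HDR_LEN + 2 * sizeof(struct acl_entry)];

    build_acl_image(img, sizeof img, 2);             /* benign image */
    printf("benign:  vulnerable=%u fixed=%zu\n",
           (unsigned)acl_alloc_size_vulnerable(img, sizeof img),
           acl_alloc_size_fixed(img, sizeof img));

    build_acl_image(img, sizeof img, 0x15555556u);   /* 0x15555556 * 12 = 0x100000008 */
    printf("crafted: vulnerable=%u fixed=%zu\n",
           (unsigned)acl_alloc_size_vulnerable(img, sizeof img),
           acl_alloc_size_fixed(img, sizeof img));
    return 0;
}
```

For the crafted count the vulnerable computation yields an 8-byte allocation for 357,913,942 claimed entries; the hardened one rejects the image on the count bound alone and never reaches the multiplication. Bounding the count by what the format allows is the check that matters, because it also covers a size computation that would not wrap on a 64-bit `size_t` but would still drive a huge allocation or loop.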

win32sux 01-12-2012 09:20 PM

Linux Kernel KVM "syscall" Emulation Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

The vulnerability is caused due to KVM not properly handling the "syscall" instruction (opcode 0f05) in certain CPU modes on certain CPU models, which can be exploited to e.g. crash 32bit guest machines and potentially cause 64bit guest machines to behave incorrectly by running a specially crafted executable.
Secunia Advisory

win32sux 01-23-2012 03:42 AM

Linux Kernel "/proc/<pid>/mem" Privilege Escalation Vulnerability
 
Quote:

A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to the kernel not properly restricting access to "/proc/<pid>/mem" file, which can be exploited to gain escalated privileges by e.g. writing into the memory of a privileged process.
Secunia Advisory

win32sux 03-17-2012 01:07 AM

Linux Kernel "__split_huge_page()" Race Condition Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition when handling PMD table entries after a "bad pmd" occurs and can be exploited to cause a kernel crash.
Secunia Advisory

win32sux 04-11-2012 10:21 PM

Linux Kernel "ext4_fill_flex_info()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "ext4_fill_flex_info()" function in fs/ext4/super.c when mounting a file system and can be exploited to cause a division by zero.
Secunia Advisory

win32sux 05-22-2012 01:42 AM

Linux Kernel NFSv4 Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling certain NFSv4 responses to ACL attribute requests and can be exploited to e.g. cause a crash by connecting to a malicious NFSv4 server.
Secunia Advisory

win32sux 05-22-2012 01:43 AM

Linux Kernel mmap_sem Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition error when holding the mmap_sem lock for reading and can be exploited to cause a crash.

Successful exploitation requires that a 64-bit system is used.
Secunia Advisory

win32sux 05-27-2012 03:21 PM

Linux Kernel Huge Pages Memory Leak Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a memory leak within the handling of huge pages and can be exploited to exhaust available memory resulting in various processes being terminated and a kernel panic.

Successful exploitation requires the kernel to be configured with the CONFIG_HUGETLB_PAGE feature.
Secunia Advisory
