Summary
Detail | |||
---|---|---|---|
Vendor | Linux | First view | 2006-07-05 |
Product | Linux Kernel | Last view | 2024-09-06 |
Version | 2.6.26 | Type | Os |
Update | - | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:linux:linux_kernel |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5.5 | 2024-09-06 | CVE-2023-52915 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()") |
5.5 | 2024-09-04 | CVE-2024-45006 | In the Linux kernel, the following vulnerability has been resolved: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration re-enumerating full-speed devices after a failed address device command can trigger a NULL pointer dereference. Full-speed devices may need to reconfigure the endpoint 0 Max Packet Size value during enumeration. Usb core calls usb_ep0_reinit() in this case, which ends up calling xhci_configure_endpoint(). On Panther point xHC the xhci_configure_endpoint() function will additionally check and reserve bandwidth in software. Other hosts do this in hardware If xHC address device command fails then a new xhci_virt_device structure is allocated as part of re-enabling the slot, but the bandwidth table pointers are not set up properly here. This triggers the NULL pointer dereference the next time usb_ep0_reinit() is called and xhci_configure_endpoint() tries to check and reserve bandwidth [46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd [46710.713699] usb 3-1: Device not responding to setup address. [46710.917684] usb 3-1: Device not responding to setup address. [46711.125536] usb 3-1: device not accepting address 5, error -71 [46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008 [46711.125600] #PF: supervisor read access in kernel mode [46711.125603] #PF: error_code(0x0000) - not-present page [46711.125606] PGD 0 P4D 0 [46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI [46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1 [46711.125620] Hardware name: Gigabyte Technology Co., Ltd. [46711.125623] Workqueue: usb_hub_wq hub_event [usbcore] [46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c Fix this by making sure bandwidth table pointers are set up correctly after a failed address device command, and additionally by avoiding checking for bandwidth in cases like this where no actual endpoints are added or removed, i.e. only context for default control endpoint 0 is evaluated. |
5.5 | 2024-09-04 | CVE-2024-45002 | In the Linux kernel, the following vulnerability has been resolved: rtla/osnoise: Prevent NULL dereference in error handling If the "tool->data" allocation fails then there is no need to call osnoise_free_top() and, in fact, doing so will lead to a NULL dereference. |
5.5 | 2024-09-04 | CVE-2024-45000 | In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check This fixes a NULL pointer dereference bug due to a data race which looks like this: BUG: kernel NULL pointer dereference, address: 0000000000000008 This happened because fscache_cookie_state_machine() was slow and was still running while another process invoked fscache_unuse_cookie(); this led to a fscache_cookie_lru_do_one() call, setting the FSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by fscache_cookie_state_machine(), withdrawing the cookie via cachefiles_withdraw_cookie(), clearing cookie->cache_priv. At the same time, yet another process invoked cachefiles_prepare_write(), which found a NULL pointer in this code line: struct cachefiles_object *object = cachefiles_cres_object(cres); The next line crashes, obviously: struct cachefiles_cache *cache = object->volume->cache; During cachefiles_prepare_write(), the "n_accesses" counter is non-zero (via fscache_begin_operation()). The cookie must not be withdrawn until it drops to zero. The counter is checked by fscache_cookie_state_machine() before switching to FSCACHE_COOKIE_STATE_RELINQUISHING and FSCACHE_COOKIE_STATE_WITHDRAWING (in "case FSCACHE_COOKIE_STATE_FAILED"), but not for FSCACHE_COOKIE_STATE_LRU_DISCARDING ("case FSCACHE_COOKIE_STATE_ACTIVE"). This patch adds the missing check. With a non-zero access counter, the function returns and the next fscache_end_cookie_access() call will queue another fscache_cookie_state_machine() call to handle the still-pending FSCACHE_COOKIE_DO_LRU_DISCARD. |
7.1 | 2024-09-04 | CVE-2024-44999 | In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->head before accessing fields in them. Use pskb_inet_may_pull() to fix this issue. [1] BUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline] Uninit was created at: CPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 |
7.8 | 2024-09-04 | CVE-2024-44998 | In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released. |
7.8 | 2024-09-04 | CVE-2024-44997 | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() When there are multiple ap interfaces on one band and with WED on, turning the interface down will cause a kernel panic on MT798X. Previously, cb_priv was freed in mtk_wed_setup_tc_block() without marking NULL,and mtk_wed_setup_tc_block_cb() didn't check the value, too. Assign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL in mtk_wed_setup_tc_block_cb(). ---------- Unable to handle kernel paging request at virtual address 0072460bca32b4f5 Call trace: |
5.5 | 2024-09-04 | CVE-2024-44995 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: In reset process, the driver will DOWN the port and then UINIT, in this case, the setup tc process will UP the port before UINIT, so cause the problem. Adds a DOWN process in UINIT to fix it. |
7.1 | 2024-09-04 | CVE-2024-44993 | In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()` When enabling UBSAN on Raspberry Pi 5, we get the following warning: [ 387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3 [ 387.903868] index 7 is out of range for type '__u32 [7]' [ 387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G WC 6.10.3-v8-16k-numa #151 [ 387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT) [ 387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched] [ 387.932525] Call trace: [ 387.935296] dump_backtrace+0x170/0x1b8 [ 387.939403] show_stack+0x20/0x38 [ 387.942907] dump_stack_lvl+0x90/0xd0 [ 387.946785] dump_stack+0x18/0x28 [ 387.950301] __ubsan_handle_out_of_bounds+0x98/0xd0 [ 387.955383] v3d_csd_job_run+0x3a8/0x438 [v3d] [ 387.960707] drm_sched_run_job_work+0x520/0x6d0 [gpu_sched] [ 387.966862] process_one_work+0x62c/0xb48 [ 387.971296] worker_thread+0x468/0x5b0 [ 387.975317] kthread+0x1c4/0x1e0 [ 387.978818] ret_from_fork+0x10/0x20 [ 387.983014] ---[ end trace ]--- This happens because the UAPI provides only seven configuration registers and we are reading the eighth position of this u32 array. Therefore, fix the out-of-bounds read in `v3d_csd_job_run()` by accessing only seven positions on the '__u32 [7]' array. The eighth register exists indeed on V3D 7.1, but it isn't currently used. That being so, let's guarantee that it remains unused and add a note that it could be set in a future patch. |
5.5 | 2024-09-04 | CVE-2024-44992 | In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid possible NULL dereference in cifs_free_subrequest() Clang static checker (scan-build) warning: Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in R/W requests") adds a check for 'rdata->server', and let clang throw this warning about NULL dereference. When 'rdata->credits.value != 0 && rdata->server == NULL' happens, add_credits_and_wake_if() will call rdata->server->ops->add_credits(). This will cause NULL dereference problem. Add a check for 'rdata->server' to avoid NULL dereference. |
5.5 | 2024-09-04 | CVE-2024-44990 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer. |
5.5 | 2024-09-04 | CVE-2024-44989 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: |
7.8 | 2024-09-04 | CVE-2024-44987 | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_lock(). A similar issue has been fixed in commit a688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()") Another potential issue in ip6_finish_output2() is handled in a separate patch. [1] CPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: Allocated by task 6530: Freed by task 45: |
7.8 | 2024-09-04 | CVE-2024-44986 | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive. |
7.8 | 2024-09-04 | CVE-2024-44985 | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UAF in ip6_xmit() If skb_expand_head() returns NULL, skb has been freed and the associated dst/idev could also have been freed. We must use rcu_read_lock() to prevent a possible UAF. |
7.1 | 2024-09-04 | CVE-2024-44983 | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ===================================================== BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 |
5.5 | 2024-09-04 | CVE-2024-44981 | In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() UBSAN reports the following 'subtraction overflow' error when booting in a virtual machine on Android: | Internal error: UBSAN: integer subtraction overflow: 00000000f2005515 [#1] PREEMPT SMP This is due to shift_and_mask() using a signed immediate to construct the mask and being called with a shift of 31 (WORK_OFFQ_POOL_SHIFT) so that it ends up decrementing from INT_MIN. Use an unsigned constant '1U' to generate the mask in shift_and_mask(). |
7.8 | 2024-09-04 | CVE-2024-44978 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy the VM. Prevent UAF by freeing job before xe_exec_queue_put. (cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f) |
7.8 | 2024-09-04 | CVE-2024-44974 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free. A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The address ID might need to be modified later to handle the ID0 case later, so a copy seems OK to deal with. |
5.5 | 2024-09-04 | CVE-2024-44971 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() bcm_sf2_mdio_register() calls of_phy_find_device() and then phy_device_remove() in a loop to remove existing PHY devices. of_phy_find_device() eventually calls bus_find_device(), which calls get_device() on the returned struct device * to increment the refcount. The current implementation does not decrement the refcount, which causes memory leak. This commit adds the missing phy_device_free() call to decrement the refcount via put_device() to balance the refcount. |
7.8 | 2024-09-04 | CVE-2024-44964 | In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring q_vector->vport pointers after reinitializating the structures. This is due to that all queue allocation functions are performed here with the new temporary vport structure and those functions rewrite the backpointers to the vport. Then, this new struct is freed and the pointers start leading to nowhere. But generally speaking, the current logic is very fragile. It claims to be more reliable when the system is low on memory, but in fact, it consumes two times more memory as at the moment of running this function, there are two vports allocated with their queues and vectors. Moreover, it claims to prevent the driver from running into "bad state", but in fact, any error during the rebuild leaves the old vport in the partially allocated state. Finally, if the interface is down when the function is called, it always allocates a new queue set, but when the user decides to enable the interface later on, vport_open() allocates them once again, IOW there's a clear memory leak here. Just don't allocate a new queue set when performing a reset, that solves crashes and memory leaks. Readd the old queue number and reopen the interface on rollback - that solves limbo states when the device is left disabled and/or without HW queues enabled. |
5.5 | 2024-09-04 | CVE-2024-44957 | In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wakeup() gets EPOLLHUP, when it is called by eventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which gets called under spin_lock_irqsave(). We can't use a mutex here as it will lead to a deadlock. Fix it by switching over to a spin lock. |
5.5 | 2024-09-04 | CVE-2024-44956 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks in preempt_fence_work_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so even though we signal a particular fence, everything in the callback should be in the fence critical section, since blocking in the callback will prevent other published fences from signalling. If we enlarge the fence critical section to cover the entire callback, then lockdep should be able to understand this better, and complain if we grab a sensitive lock like vm->lock, which is also held when waiting on preempt fences. |
5.5 | 2024-09-04 | CVE-2024-44953 | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update There is a deadlock when runtime suspend waits for the flush of RTC work, and the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume. Here is deadlock backtrace: kworker/0:1 D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367 ptr f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff Skip updating RTC if RPM state is not RPM_ACTIVE. |
5.5 | 2024-09-04 | CVE-2024-44952 | In the Linux kernel, the following vulnerability has been resolved: driver core: Fix uevent_show() vs driver detach race uevent_show() wants to de-reference dev->driver->name. There is no clean way for a device attribute to de-reference dev->driver unless that attribute is defined via (struct device_driver).dev_groups. Instead, the anti-pattern of taking the device_lock() in the attribute handler risks deadlocks with code paths that remove device attributes while holding the lock. This deadlock is typically invisible to lockdep given the device_lock() is marked lockdep_set_novalidate_class(), but some subsystems allocate a local lockdep key for @dev->mutex to reveal reports of the form: ====================================================== but task is already holding lock: which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&cxl_root_key){+.+.}-{3:3}: -> #0 (kn->active#6){++++}-{0:0}: The observation though is that driver objects are typically much longer lived than device objects. It is reasonable to perform lockless de-reference of a @driver pointer even if it is racing detach from a device. Given the infrequency of driver unregistration, use synchronize_rcu() in module_remove_driver() to close any potential races. It is potentially overkill to suffer synchronize_rcu() just to handle the rare module removal racing uevent_show() event. Thanks to Tetsuo Handa for the debug analysis of the syzbot report [1]. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
15% (458) | CWE-416 | Use After Free |
15% (434) | CWE-476 | NULL Pointer Dereference |
6% (197) | CWE-362 | Race Condition |
6% (182) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
5% (161) | CWE-200 | Information Exposure |
5% (158) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
4% (141) | CWE-787 | Out-of-bounds Write |
4% (126) | CWE-125 | Out-of-bounds Read |
4% (126) | CWE-20 | Improper Input Validation |
3% (91) | CWE-264 | Permissions, Privileges, and Access Controls |
3% (90) | CWE-399 | Resource Management Errors |
3% (88) | CWE-667 | Insufficient Locking |
2% (79) | CWE-190 | Integer Overflow or Wraparound |
1% (50) | CWE-189 | Numeric Errors |
1% (46) | CWE-415 | Double Free |
1% (46) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (39) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
0% (24) | CWE-269 | Improper Privilege Management |
0% (23) | CWE-770 | Allocation of Resources Without Limits or Throttling |
0% (21) | CWE-369 | Divide By Zero |
0% (19) | CWE-665 | Improper Initialization |
0% (17) | CWE-129 | Improper Validation of Array Index |
0% (14) | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
0% (13) | CWE-772 | Missing Release of Resource after Effective Lifetime |
0% (12) | CWE-755 | Improper Handling of Exceptional Conditions |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-42 | MIME Conversion |
CAPEC-44 | Overflow Binary Resource File |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-61 | Session Fixation |
CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
CAPEC-100 | Overflow Buffers |
CAPEC-112 | Brute Force |
CAPEC-122 | Exploitation of Authorization |
CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
CAPEC-232 | Exploitation of Privilege/Trust |
CAPEC-234 | Hijacking a privileged process |
CAPEC-281 | Analytic Attacks |
SAINT Exploits
Description | Link |
---|---|
Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation | More info here |
Ubuntu overlayfs privilege elevation | More info here |
Linux kernel futex_requeue privilege elevation | More info here |
Linux Dirty COW Local File Overwrite | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78509 | Linux Kernel /proc/<pid>/mem Access Restriction Weakness Local Privileg... |
78303 | Linux Kernel sctp_rcv() / sctp_accept() Socket Lock Race Remote DoS |
78302 | Linux Kernel m_stop() Implementation Local DoS |
78301 | Linux Kernel NSF O_Direct Implementation Local DoS |
78264 | Linux Kernel KVM syscall Instruction Executable Handling Local DoS |
78226 | Linux Kernel fs/xfs/xfs_acl.c xfs_acl_from_disk() Function Memory Corruption |
78225 | Linux Kernel net/ipv4/igmp.c igmp_heard_query() Function IGMP Query Parsing R... |
78014 | Linux Kernel SG_IO SCSI IOCTL Command Parsing Local Privilege Escalation |
77780 | Linux Kernel B.A.T.M.A.N. net/batman/icmp_socket.c bat_socket_read() Packet P... |
77684 | Linux Kernel OMAP4 Bridge Networking Interface Network Packet Parsing Remote DoS |
77683 | Linux Kernel HFS File System Mount Local Privilege Escalation |
77626 | Linux Kernel kvm_vm_ioctl_assign_device Function /dev/kym Local DoS |
77625 | Linux Kernel NFSv4 Mount mknod(2) Syscall Local DoS |
77485 | Linux Kernel /mm/oom_kill.c Local Overflow |
77452 | OpenFabrics Enterprise Distribution (OFED) RDS_FLAG_CONG_BITMAP Flagged RDS M... |
77360 | Linux Kernel TX_SKB_SHARING Local DoS |
77295 | Linux Kernel UFO IPv6 UDP Datagram Parsing Remote DoS |
77293 | Linux Kernel b43 Driver Wireless Interface Frame Parsing Remote DoS |
76805 | Linux Kernel net/core/net_namespace.c Network Namespace Cleanup Weakness Remo... |
76796 | Linux Kernel taskstats Access Restriction Weakness Local Information Disclosure |
76793 | Linux Kernel security/apparmor/lsm.c apparmor_setprocattr() Function /attr/cu... |
76666 | Linux Kernel ext4 Extent Splitting BUG_ON() Local DoS |
76641 | Linux Kernel fs/xfs/xfs_vnodeops.c xfs_readlink() Function XFS Image Handling... |
76639 | Linux Kernel NULL Pointer Dereference ghash Algorithm Local DoS |
76259 | Linux Kernel fs/fuse/dev.fuse_notify_inval_entry() Function FUSE_NOTIFY_INVAL... |
ExploitDB Exploits
id | Description |
---|---|
35370 | Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 |
35161 | Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2 |
34923 | Linux Kernel remount FUSE Exploit |
34134 | Linux Kernel ptrace/sysret - Local Privilege Escalation |
33824 | Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid) |
33516 | Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition... |
33336 | Linux Kernel 3.3-3.8 - SOCK_DIAG Local Root Exploit |
32926 | Linux group_info refcounter - Overflow Memory Corruption |
31574 | Linux ARM - Local Root Exploit |
31347 | linux 3.4+ local root (CONFIG_X86_X32=y) |
31346 | Linux 3.4+ Arbitrary write with CONFIG_X86_X32 |
26131 | Linux kernel perf_swevent_init - Local root Exploit |
18411 | Mempodipper - Linux Local Root for >=2.6.39, 32-bit and 64-bit |
18378 | Linux IGMP Remote Denial Of Service (Introduced in linux-2.6.36) |
17787 | Linux Kernel < 2.6.36.2 Econet Privilege Escalation Exploit |
16973 | Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT Leak Exploit |
16952 | Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS |
16263 | Linux Kernel <= 2.6.37 Local Kernel Denial of Service |
15774 | Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation |
15704 | Linux Kernel <= 2.6.37 - Local Privilege Escalation |
15344 | Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability |
15285 | Linux RDS Protocol Local Privilege Escalation |
15150 | Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure |
14814 | Linux Kernel < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit |
14594 | Linux Kernel <= 2.6.33.3 SCTP INIT Remote DoS |
OpenVAS Exploits
id | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2389-1 (linux-2.6 - privilege escalation/denial ... File : nvt/deb_2389_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2443-1 (linux-2.6 - privilege escalation/denial ... File : nvt/deb_2443_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2469-1 (linux-2.6 - privilege escalation/denial ... File : nvt/deb_2469_1.nasl |
2012-12-26 | Name : CentOS Update for kernel CESA-2012:1580 centos6 File : nvt/gb_CESA-2012_1580_kernel_centos6.nasl |
2012-12-26 | Name : RedHat Update for kernel RHSA-2012:1580-01 File : nvt/gb_RHSA-2012_1580-01_kernel.nasl |
2012-12-26 | Name : Ubuntu Update for linux USN-1669-1 File : nvt/gb_ubuntu_USN_1669_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux-ti-omap4 USN-1670-1 File : nvt/gb_ubuntu_USN_1670_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux USN-1671-1 File : nvt/gb_ubuntu_USN_1671_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux-ti-omap4 USN-1673-1 File : nvt/gb_ubuntu_USN_1673_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux USN-1677-1 File : nvt/gb_ubuntu_USN_1677_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux-lts-backport-oneiric USN-1678-1 File : nvt/gb_ubuntu_USN_1678_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux-ti-omap4 USN-1679-1 File : nvt/gb_ubuntu_USN_1679_1.nasl |
2012-12-18 | Name : Fedora Update for kernel FEDORA-2012-20240 File : nvt/gb_fedora_2012_20240_kernel_fc16.nasl |
2012-12-14 | Name : Ubuntu Update for linux-ec2 USN-1664-1 File : nvt/gb_ubuntu_USN_1664_1.nasl |
2012-12-11 | Name : Ubuntu Update for linux USN-1660-1 File : nvt/gb_ubuntu_USN_1660_1.nasl |
2012-12-11 | Name : Ubuntu Update for linux USN-1661-1 File : nvt/gb_ubuntu_USN_1661_1.nasl |
2012-12-06 | Name : CentOS Update for kernel CESA-2012:1540 centos5 File : nvt/gb_CESA-2012_1540_kernel_centos5.nasl |
2012-12-06 | Name : RedHat Update for kernel RHSA-2012:1540-01 File : nvt/gb_RHSA-2012_1540-01_kernel.nasl |
2012-12-06 | Name : Ubuntu Update for linux-ec2 USN-1653-1 File : nvt/gb_ubuntu_USN_1653_1.nasl |
2012-12-04 | Name : Fedora Update for kernel FEDORA-2012-19337 File : nvt/gb_fedora_2012_19337_kernel_fc17.nasl |
2012-12-04 | Name : Ubuntu Update for linux USN-1644-1 File : nvt/gb_ubuntu_USN_1644_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux-ti-omap4 USN-1645-1 File : nvt/gb_ubuntu_USN_1645_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux USN-1646-1 File : nvt/gb_ubuntu_USN_1646_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux-ti-omap4 USN-1647-1 File : nvt/gb_ubuntu_USN_1647_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux USN-1648-1 File : nvt/gb_ubuntu_USN_1648_1.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0150 | Multiple Security Vulnerabilities in Juniper Networks CTPView Severity: Category I - VMSKEY: V0061073 |
2012-A-0153 | Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0033884 |
2012-A-0148 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0033794 |
2012-A-0136 | Multiple Vulnerabilities in Juniper Network Management Products Severity: Category I - VMSKEY: V0033662 |
2012-A-0073 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0032171 |
2012-A-0056 | Multiple Vulnerabilities in VMWare ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0031979 |
2012-A-0020 | Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity: Category I - VMSKEY: V0031252 |
2011-A-0147 | Multiple Vulnerabilities in VMware ESX and ESXi Severity: Category I - VMSKEY: V0030545 |
2011-A-0075 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0028311 |
2011-A-0066 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0027158 |
2010-B-0085 | Linux Kernel Privilege Escalation Vulnerability Severity: Category I - VMSKEY: V0025410 |
2010-A-0037 | Multiple Vulnerabilities in Linux Kernel Severity: Category I - VMSKEY: V0022704 |
2010-A-0015 | Multiple Vulnerabilities in Red Hat Linux Kernel Severity: Category I - VMSKEY: V0022631 |
2010-A-0001 | Multiple Vulnerabilities in Linux Kernel Severity: Category I - VMSKEY: V0022180 |
2009-T-0024 | Multiple Vulnerabilities in Linux Kernel Severity: Category I - VMSKEY: V0018983 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-11-19 | Linux kernel af_packet tpacket_rcv integer overflow attempt RuleID : 56052 - Type : OS-LINUX - Revision : 1 |
2020-11-19 | Linux kernel af_packet tpacket_rcv integer overflow attempt RuleID : 56051 - Type : OS-LINUX - Revision : 1 |
2019-09-26 | Google Android Kernel local denial of service attempt RuleID : 51291 - Type : OS-MOBILE - Revision : 1 |
2019-09-26 | Google Android Kernel local denial of service attempt RuleID : 51290 - Type : OS-MOBILE - Revision : 1 |
2017-11-21 | Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt RuleID : 44638 - Type : PROTOCOL-RPC - Revision : 1 |
2017-11-21 | Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt RuleID : 44637 - Type : PROTOCOL-RPC - Revision : 1 |
2017-08-24 | Linux kernel SCTP invalid chunk length denial of service attempt RuleID : 43692 - Type : OS-LINUX - Revision : 1 |
2017-07-18 | Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt RuleID : 43189 - Type : PROTOCOL-RPC - Revision : 2 |
2017-07-18 | Linux kernel NFSv2 malformed WRITE arbitrary memory read attempt RuleID : 43188 - Type : PROTOCOL-RPC - Revision : 2 |
2017-01-18 | Linux net af_packet.c tpacket version race condition use after free attempt RuleID : 41028 - Type : OS-LINUX - Revision : 2 |
2017-01-18 | Linux net af_packet.c tpacket version race condition use after free attempt RuleID : 41027 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40566 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40565 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40564 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40563 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40562 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40561 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40560 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40543 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40542 - Type : OS-LINUX - Revision : 2 |
2018-05-23 | Linux Kernel Challenge ACK provocation attempt RuleID : 40063-community - Type : OS-LINUX - Revision : 5 |
2016-10-11 | Linux Kernel Challenge ACK provocation attempt RuleID : 40063 - Type : OS-LINUX - Revision : 5 |
2016-09-17 | Linux Kernel USBIP out of bounds write attempt RuleID : 39894 - Type : OS-LINUX - Revision : 4 |
2016-09-17 | Linux Kernel USBIP out of bounds write attempt RuleID : 39893 - Type : OS-LINUX - Revision : 4 |
2016-03-29 | Linux kernel SCTP INIT null pointer dereference attempt RuleID : 38346 - Type : OS-LINUX - Revision : 2 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-17 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO |
2019-01-15 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-337484d88b.nasl - Type: ACT_GATHER_INFO |
2019-01-15 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-b0f7a7b74b.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2016-104.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-072.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-077.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-085.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-086.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-088.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-089.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-0edb45d9db.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-1621b2204a.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-272cf2f9f4.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-2c6bd93875.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-3857a8b41a.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-50075276e8.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-5453baa4af.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-5904d0794d.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-5926c0ffc8.nasl - Type: ACT_GATHER_INFO |