Computer Security

See also
  LINUX : kernel 4.0
  LINUX : kernel 3.18
  LINUX : kernel 3.17
  LINUX : kernel 3.16
  LINUX : kernel 3.15
  LINUX : kernel 3.13
  LINUX : kernel 3.12
  LINUX : kernel 3.11
  LINUX : kernel 3.8
Name: LINUX : kernel 2.6

7!Linux privilege escalation
document ring 0 code execution via futex syscall.
9!Linux kernel security vulnerabilities
updated since 08.01.2014
document ptrace information leakage, debug functions privilege escalation, cprng weak PRNG, networking dissector DoS, multiple integer overflows, buffer overflows in WiMax, USB and various device drivers, UDP fragmentation offload uninitialized memory, privilege escalations. NAT conntrack information leakage.
9!Linux kernel security vulnerabilities
updated since 13.11.2013
document DoS conditions, information leakage, tuntap interface privilege escalation, bt8xx driver privilege escalation, IPv6 ICTP, UDP offload, ipip memory corruptions.
6!Linux kernel buffer overflow
document Heap buffer overflow on eCryptfs request processing.
6!Linux kernel multiple security vulnerabilities
updated since 09.09.2013
document Privilege escalations, information leakages, DoS conditions.
 Linux kernel security vulnerabilities
updated since 14.02.2013
document Privilege escalation, information leak.
 Linux kernel security vulnerabilities
updated since 02.01.2013
document Invalid hot-added memory handling, information leakage on module loading, DoS.
7!Linux kernel IPv6 filtering bypass
document It's possible to bypass filtering with overlapping fragments.
 Linux security vulnerabilities
document Information leakage, DoS.
6!Linux kernel multiple security vulnerabilities
document DoS conditions, information leakage.
7!Linux kernel multiple security vulnerabilities
document Multiple DoS conditions, privilege escalation.
 Linux kernel multiple security vulnerabilities
document DoS, privilege escalation.
6!Linux kernel multiple security vulnerabilities
updated since 14.05.2012
document DoS conditions, protection bypass, buffer overflow
6!Linux kernel multiple security vulnerabilities
updated since 02.04.2012
document DoS, information leakage, privilege escalation.
 Linux kernel multiple security vulnerabilities
document LDM and NFSv4 file systems DoS, futexes privilege escalation.
7!Linux kernel multiple security vulnerabilities
document File systems privilege escalation, /proc privilege escalation, IGMP DoS.
6!Linux privilege escalation
document Under some conditions mem_write allows overwriting process memory.
6!Linux kernel multiple security vulnerabilities
document DoS conditions, information leaks, privilege escalation.
6!Linux kernel multiple security vulnerabilities
document Multiple DoS conditions.
7!Linux kernel multiple security vulnerabilities
document Multiple local DoS conditions, information leaks, IPv6 remote DoS, X.25 code execution.
7!Linux kernel security vulnerabilities
document Predictable TCP ISN numbers, CIFS client memory corruption.
 Linux kernel DoS
document Crash on BeFS filesystem parsing.
 Linux kernel multiple DoS conditions
document epoll() DoS conditions, tkill() privilege escalation, buffer overflows in bluetooth stack.
7!Linux kernel security vulnerabilities
updated since 08.05.2011
document DoS via InfiniBand, DoS via InfiniBand disks, multiple DoS conditions, memory corruptions and information leaks, buffer overflow in IrDA, DoS via VLANs, CIFS authentication bypass, DoS via GRE.
 Linux kernel EFI/XFS DoS
updated since 14.04.2011
document Buffer overflow on partition GUID parsing.
8!Linux kernel ICMP DoS
document Crash on ICMP handling may be blindly remotely exploited from spoofed addresses.
 Linux kernel multiple security vulnerabilities
document Privilege escalation, multiple information leaks.
 libvirt protection bypass
 Linux partitions handling multiple security vulnerabilities
document Memory corruptions, information leaks, DoS.
7!Linux kernel multiple security vulnerabilities
document DoS via sendmsg, mprotect, setsockopt, Hypervisor/KVM etc, information leaks, privilege escalation.
 Linux privilege escalation
document It's possible to elevate privileges from CAP_SYS_ADMIN to root via Phonet protocol.
 Linux kernel multiple security vulnerabilities
updated since 01.12.2010
document Multiple DoS conditions, privilege escalations, memory leaks from kernel memory, DoS via SCTP protocol, DoS via X.25.
 Linux kernel information leak
document It's possible to access uninitialized kernel memory by using BPF filters.
6!Linux kernel RDS protocol privilege escalation
document It's possible to overwrite kernel memory regions via recvmsg() for RDS protocol.
6!Linux kernel multiple security vulnerabilities
updated since 11.09.2010
document DoS conditions, CIFS client privilege escalation, do_anonymous_page privilege escalation, information leak in XFS, privilege escalation in compat_alloc_user_space().
6!Linux kernel multiple security vulnerabilities
document Information leaks, privilege escalations, DoS.
 Linux kernel privilege escalation
updated since 25.02.2010
document Privilege escalation with wake_futex_pi function.
9!Linux kernel multiple security vulnerabilities
document DoS conditions, privilege escalations, kernel memory access, weak permissions.
7!Linux kernel multiple security vulnerabilities
document Crash on malformed IP packet defragmentation, privilege escalation with Ext4 "move extents" ioctl.
6!Linux kernel multiple security vulnerabilities
document Information leakage, DoS conditions, privilege escalation.
 kvm privilege escalation
document kvm_emulate_hypercall doesn't filter MMU hypercalls from ring 0.
7!Linux kernel uninitialized pointers
updated since 14.08.2009
document proto_ops structure uninitialized pointers.
6!Linux eCryptfs buffer overflow
document Buffer overflows on parse_tag_11_packet and parse_tag_3_packet functions.
 Linux kernel DoS
document NULL pointer dereference on /dev/kvm call handling.
7!Linux kernel privilege escalation
updated since 20.07.2009
document Error in NULL pointer dereference error handling.
6!Linux kernel multiple security vulnerabilities
document RTL8169 driver DoS, deadlock in inode processing code.
 Linux kernel DoS
document Deadlock on splice calls handling.
6!Linux kernel multiple security vulnerabilities
document CIFS client buffer overflow, Xen DoS, nfs4 files execution.
7!Linux kernel multiple security vulnerabilities
document Multiple DoS conditions, privilege escalations, information leaks and memory corruptions.
 Linux kernel multiple security vulnerabilities
document Unauthorized skfp_ioctl statistics reset, getsockopt() information leak.
 Linux kernel multiple security vulnerabilities
document Multiple DoS conditions.
 Linux kernel DoS
document Race conditions during socket message input/output processing on Unix sockets.
6!Linux kernel multiple security vulnerabilities
updated since 09.12.2008
document Double listen() on the same socket causes creation of an unassigned vcc table entry, which causes an infinite loop in the kernel on an attempt to cat the vc table. inotify subsystem race conditions allow privilege escalation, socket-related memory exhaustion. chip_command() NULL pointer dereference. HFS file system mounting buffer overflow.
6!Linux kernel multiple security vulnerabilities
updated since 05.11.2008
document Buffer overflow on oversized ESSID in ndiswrapper. DoS with corrupted ext2 / ext3 filesystem.
 Linux kernel multiple security vulnerabilities
document Multiple DoS conditions
6!Linux kernel multiple security vulnerabilities
updated since 14.10.2008
 Linux kernel multiple security vulnerabilities
updated since 13.09.2008
document Multiple local DoS conditions, snd_seq_oss_synth_make_info() information leaks, integer overflows in DCCP and SCTP_AUTH_KEY.
6!Linux kernel multiple security vulnerabilities
document IPSec ESP packet parsing DoS, multiple local DoS conditions, kernel memory data leak, privilege escalation.
8!Linux kernel multiple security vulnerabilities
document Buffer overflow in CIFS and SNMP ASN.1 parsing code. Buffer overflow in DCCP.
 Linux kernel multiple security vulnerabilities
document fcntl() race conditions, tehuti driver privilege escalation.
 Linux multiple security vulnerabilities
document Memory leak in IPv6 over IPv4 tunnels, mmap DoS on the SPARC architecture, DoS on amd64 architecture, DoS with hrtimer integer overflow on 64bit architectures.
 Linux kernel DoS
document fcntl code race conditions.
6!Linux multiple security vulnerabilities
document Multiple DoS conditions and privilege escalation.
6!Linux kernel information leak
document Kernel memory access with fault handlers.
7!Linux kernel multiple security vulnerabilities
updated since 11.02.2008
document Kernel memory access with vmsplice syscall, access between virtual machines with /proc
6!Linux kernel filesystem DoS
document Local user can corrupt filesystem.
6!Linux kernel IPv6 DoS
document Uninitialized memory reference.
7!Linux multiple security vulnerabilities
document DoS with minix filesystem, integer overflow in hrtimer subsystem, buffer overflow on ISDN IOCTL handling, invalid coredump files handling.
 Linux kernel hpet timers DoS
 Linux multiple security vulnerabilities
document Integer overflow on IEEE 802.11 frame, DoS with minix filesystem.
6!Linux kernel multiple security vulnerabilities
document Multiple DoS conditions.
 Linux kernel JFFS2 filesystem permissions vulnerability
document New permissions are not saved to media, causing older permissions to be used on media remount.
 Linux kernel ALSA information leak
document snd_proc_mem_read returns uninitialized kernel memory data.
6!64-bit Linux kernel privilege escalation
document Insufficient register access validation on 32-bit syscalls emulation.
 Linux aacraid driver IOCTL privilege escalation
document Insufficient user's permissions check leads to denial of service conditions or privilege escalation.
6!Multiple Linux kernel vulnerabilities
document nf_conntrack_h323 NULL pointer dereference, invalid suid applications parent process termination signal handling, privilege escalation on Intel 965 chipset.
6!Linux kernel multiple security vulnerabilities
updated since 19.07.2007
document DoS with cluster manager, DoS with usblcd driver, DoS with VFAT IOCTL.
6!Linux kernel multiple security vulnerabilities
document Kernel memory content leak in cpuset and setsockopt. Weak PRNG generator. GEODE-AES weak encryption key generation.
6!Array overflow in Linux kernel
document DecNET dn_fib_props() and TCP/IP fib_props() functions array index overflow.
 Linux netlink DoS
document Invalid processing of NETLINK_FIB_LOOKUP responses.
6!Linux and BSD based Unix system IPv6 traffic amplification
document IPv6 routing header allows setting a route so that a packet is transmitted multiple times over the same link.
 Linux AppleTalk DoS
document Denial of Service on AppleTalk frame parsing.
 Linux IPv6 socket double memory free vulnerability
document Double memory free in ipv6_fl_socklist.
6!Linux kernel DCCP information leak
document Integer overflow in getsockopt for SOL_DCCP gives ability to read content of kernel memory.
6!Linux netfilter multiple security vulnerabilities
document Protection bypass with fragmented IPv6 packets, denial of service.
 Linux setsockopt / getsockopt IPv6 DoS
document IPV6_RTHDR option with invalid value causes system crash.
7!Linux CAPI library buffer overflow
document Buffer overflow in debug printing function.
6!Linux SCSI devices unauthorized access
document pam module problem allows console users to access generic SCSI and pseudo-SCSI devices directly.
 Linux kernel privilege escalation
updated since 11.11.2004
document Invalid exception conditions handling leads to multiple race conditions with privileged memory access.
6!Linux kernel keyctl DoS
document Race condition during unique key generation causes NULL pointer dereference on multiprocessor box.
 Multiple Linux kernel vulnerabilities
document Multiple DoS conditions in syscalls processing.
 Multiple Linux kernel security vulnerabilities
document IrDA TTP header buffer overflow. Tokenring memory corruption. do_coredump symbolic links problem.
 Linux Kernel Bluetooth CAPI DoS
document It's possible to overwrite internal kernel objects with CAPI message.
6!Linux kernel IPv6 filtering bypass
document It's possible to bypass filtering by using fragmented packets.
 Linux kernel DoS
document Special SO_LINGER value for SCTP socket causes system to crash. ELF loader vulnerability on 64-bit system causes system to crash on malformed ELF binary.
 Linux kernel ULE packet DoS
document Crash on receiving packet with zero SNDU length.
 Linux kernel UDF DoS
document System crash on connecting device (USB, CD-ROM) with invalid UDF filesystem.
6!Linux SCTP privilege escalation
 Multiple Linux kernel DoS conditions
document DoS with SG driver, HID0[31] bit clearing problem on PPC970 processors.
6!Linux kernel procfs race conditions
document Privilege escalation is possible.
7!Linux coredump files privilege escalation
document Application can create coredump file in any directory by setting rlimits.
6!Linux / FreeBSD kernel SMBFS/CIFSFS chroot restriction bypass
updated since 28.04.2006
document It's possible to traverse chroot directory.
6!Multiple Linux kernel security vulnerabilities
document sys_mbind() buffer overflow, SELinux module DoS, /sys filesystem DoS, amd64 debugging race conditions DoS, getsockopt() kernel memory content leak, ip_route_input() DoS.
 Linux kernel perfmon DoS
document Race conditions on mm_struct structure access.
 Linux kernel keyring DoS
document System crash on invalid __keyring_search_one() argument.
 Linux kernel sys_timer_create() DoS
document Creation of large number of timers causes memory exhaustion and system crash.
7!Linux kernel multiple vulnerabilities
updated since 22.03.2006
document Integer overflow in netfilter's do_replace() function, memory corruption in usb/gadget driver. Kernel memory content leak through sockaddr_in.sin_zero.
 Linux kernel die_if_kernel() DoS
document DoS on Itanium platform.
6!Linux kernel ICMP DoS
document record-route or timestamp IP options handling vulnerability.
6!Linux kernel multiple DoS conditions
document Local DoS with netlink_rcv_skb(), few DoS conditions with PPTP NAT.
 BSD systems securelevel protection bypass
updated since 09.01.2006
document By mounting a different filesystem it's possible to mask a file flagged 'immutable'. It's possible to roll back system time by setting it to the maximum value.
7!Multiple Linux kernel vulnerabilities
document sendmsg() stack based buffer overflow, raw_sendmsg() kernel memory access, ipt_recent module DoS, fput() DoS on 64-bit platforms with 32-bit emulation, DRM debugging sensitive information access, Orinoco driver kernel memory access, AUDITSYSCALL memory leak, user's VT terminal access, ip_vs_conn_flush race conditions.
7!Multiple linux kernels vulnerabilities
document NAT feature DoS, sys_get_thread_area() kernel memory content leak, ip_vs_conn_flush() race conditions, Posix timers DoS, rose_rt_ioctl() DoS.
 Linux IPv6 sockets DoS
document Endless loop is possible within udp_v6_get_port() function.
6!Linux kernel console keyboard mapping commands execution
document User can set keyboard mapping which will impact next users on this console.
 Ethernet frame padding information leakage
updated since 08.01.2003
document Incorrect memory management means Ethernet frame padding bytes may contain sensitive information.
 Linux kernel memory leaks
document Memory leaks may potentially lead to DoS conditions.
6!Multiple Linux kernel vulnerabilities
document sys_set_mempolicy() negative argument DoS, race CLONE_VM DoS conditions, race TASK_TRACED state DoS conditions, ioremap amd64 platform memory access, HFS and HFS+ filesystem drivers DoS, remote ebtables netfilter module remote DoS on SMP platforms.
7!Multiple Linux kernel vulnerabilities
updated since 10.09.2005
document Remote DoS with netfilter ipt_recent module. Privilege escalation with sendmsg() for amd64 platform. Reading kernel memory and IO ports with raw_sendmsg(). Memory leaks with procfs for SCSI drivers. USB DoS.
 Linux kernel fget() DoS
document sockfd_put() call is missed in routing_ioctl(), leading to resource consumption and system crash.
6!Multiple Linux kernel bugs
6!Linux kernel multiple vulnerabilities
document Multiple DoS conditions, code execution while mounting compressed ISO file system, IPSec protection bypass by local user.
6!Linux NFS Network File System buffer overflow
document Buffer overflow on parsing nfsacl protocol XDR data.
 Linux kernel keyring management DoS
document System crash on attempt to delete uninstantiated keyring. Semaphore leakage on KEYCTL_JOIN_SESSION_KEYRING operation.
 Linux kernel XFRM array overflow
6!Linux kernel ia32 compatibility for 64 bit platforms race conditions
document Race conditions with heap memory corruption in execve() syscall.
6!Multiple hardware platforms hyper threading technology systems information leak
updated since 13.05.2005
document Unprivileged thread can read data from privileged thread memory from CPU cache memory.
7!Linux kernel msync race conditions
document Race conditions allow injecting a dynamic library into process space.
7!Multiple Linux kernel vulnerabilities
document DoS and possible code execution on invalid mmap() arguments, ptrace problem arises again on amd64 platform.
6!Linux kernel pktcdvd privilege escalation
document Rawdevice ioctl handler parameters are not checked.
6!Linux kernel coredump privilege escalation
document Bug in ELF format parsing leads to code execution.
 Linux kernel it87 and via686a drivers DoS
document Insecure permissions lead to ability of resource exhaustion.
 Linux kernel multiple vulnerabilities
document sysfs_write_file() integer overflow, futex functions DoS, ext3 and jfs race conditions.
 Linux kernel AIO DoS
document Call to io_queue_release() without call to io_queue_release() causes system crash on 64bit platforms (PPC64 and IA64).
6!Linux ext2 filesystem information leak
document During directory creation random data from kernel memory is written to disk.
7!Multiple Linux Kernel vulnerabilities
document Privilege escalation with ATI Radeon drivers, remote denial of service with Netfilter.
6!Linux Kernel Bluetooth support integer overflow
document Integer overflow in socket call processing.
 Linux ISO9660 filesystem multiple memory corruptions
document Multiple bugs leading to memory corruptions.
6!Multiple Linux kernel security vulnerabilities
document Arbitrary process memory control, race conditions, buffer overflow, DoS, IP filtering bypass.
9!Linux kernel multiple bugs
document Race conditions in uselib() leading to the possibility to overwrite kernel memory regions. Integer overflows in multiple drivers (random poolsize, scsi ioctl, moxa). RLIMIT_MEMLOCK protection bypass. mlockall DoS. Privilege escalation with race conditions on page fault with SMP platforms.
7!Multiple Linux kernel bugs
updated since 15.12.2004
document DoS, privilege escalation, buffer overflow on 32bit calls emulation under 64bit platforms.
 Linux kernel Capability LSM privilege escalation
document Applications started before module load have elevated privileges.
6!Multiple linux kernel IGMP processing bugs
document DoS, kernel memory access.
 Linux kernel __scm_send DoS
document Race conditions leading to deadlock.
 Multiple Linux smbfs bugs
document Multiple bugs on parsing server replies.
6!Linux iptables logging DoS
document integer overflow causes kernel crash if logging is enabled.
6!Multiple Linux kernel bugs
document ReiserFS DoS, hugetlbfs protection bypass.
6!Linux kernel race conditions
document Race conditions on TIOCSETLD during read/write operation on same terminal can cause system to crash and potentially may lead to privilege escalation.
 Linux CD protection bypass
document user with read-only access can bypass these permissions and perform write and erase operations on media in a drive.
6!Linux kernel integer overflows
document integer overflow on write() in kNFSd and XDR decoding.
 linux kernel information leak
document /proc problems hit again
 Linux kernel integer types conversion problems.
document It's possible to access kernel memory because of an integer conversion bug in the 64bit file API (for example llseek).
7!Multiple linux kernel bugs
document chown: users can change the group affiliation of arbitrary files to the group they belong to, missing DAC check in chown(2): local privilege escalation, overflow with signals: local denial-of-service, pss, mpu401 sound driver: read/write to complete memory, airo driver: read/write to complete memory, ALSA: copy_from_user/copy_to_user confused, acpi_asus: read from random memory, decnet: write to memory without checking, e1000 driver: read complete memory
6!Linux TCP options signed/unsigned conversions DoS
document TCP option length over 127 bytes can cause an infinite loop inside netfilter if options are used in filtering rules.
 linux kernel floating point exception DoS
document Problem with floating point exceptions lead to unstable kernel state.
6!Linux kernel multiple bugs
document cpufreq privilege escalation, multiple SCSI drivers weak permissions.
6!Linux kernel in/out ports access
document Mask for input/output permissions is not cleared for child process. It may lead to unauthorized access to i/o ports.
8!linux kernel ip_setsockopt integer overflow
document Integer overflow on MCAST_MSFILTER option processing.
 linux threaded processes DoS
document SIGRT_1 signal can be delivered to application causing invalid handling of child threads termination.
9!linux kernel mremap privilege escalation
updated since 05.01.2004
document It's possible to map memory page of zero size causing memory corruption in kernel.
 smbmnt privilege escalation
document Few distributions have smbmnt installed suid root. It allows user to mount external drive and run any application as suid.

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod