exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Luis Henriques

Kernel Live Patch Security Notice LSN-0014-1

Posted Dec 8, 2016

Authored by Luis Henriques

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, tcp

systems | linux

advisories | CVE-2016-6480, CVE-2016-6828, CVE-2016-8655

SHA-256 | d8c13d40032210a719f70376fb50f745ce27eca4d0eb24c5096aaa2ba0e42b44

Download | Favorite | View

Kernel Live Patch Security Notice LSN-0013-1

Posted Nov 30, 2016

Authored by Luis Henriques

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg(2) implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other kernel vulnerabilities were also discovered and addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, vulnerability

systems | linux

advisories | CVE-2016-7042, CVE-2016-7117, CVE-2016-7425, CVE-2016-8658

SHA-256 | 5eae3cc7ae9949b636e16234a44d66f6ecfbbb7d410b77b7636cc74cb28cfc31

Download | Favorite | View

Kernel Live Patch Security Notice LSN-0012-1

Posted Oct 20, 2016

Authored by Luis Henriques

Vladimir Benes discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges.

tags | advisory, remote, denial of service, kernel, local

systems | linux

advisories | CVE-2016-5195, CVE-2016-7039, CVE-2016-8666

SHA-256 | c25b2da43c7e870d98f3d2287f8bfebc1dba46d2dba4f24ed45b8ee608b6d7b9

Download | Favorite | View