exploit the possibilities
Showing 1 - 25 of 50 RSS Feed

Files from Benjamin M. Romer

Email addressbenjamin.romer at canonical.com
First Active2017-04-15
Last Active2021-09-14
Kernel Live Patch Security Notice LSN-0081-1
Posted Sep 14, 2021
Authored by Benjamin M. Romer

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Various other vulnerabilities were also addressed.

tags | advisory, kernel, vulnerability
systems | linux
advisories | CVE-2021-22555, CVE-2021-33909, CVE-2021-3653, CVE-2021-3656
MD5 | 466908f10276ab3196dea532b09d7715
Kernel Live Patch Security Notice LSN-0080-1
Posted Aug 18, 2021
Authored by Benjamin M. Romer

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2021-22555
MD5 | 64f38c99f5a469a5fc23403332deaa12
Kernel Live Patch Security Notice LSN-0079-1
Posted Jul 26, 2021
Authored by Benjamin M. Romer

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2021-33909, CVE-2021-3600
MD5 | 3d25210f32b7ce386710ced319ba74bc
Kernel Live Patch Security Notice LSN-0078-1
Posted Jul 20, 2021
Authored by Benjamin M. Romer

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code.

tags | advisory, arbitrary, kernel, local, vulnerability, protocol
systems | linux
advisories | CVE-2021-3609
MD5 | 253344ca4d57ea28bccc4904f8ebf52d
Kernel Live Patch Security Notice LSN-0077-1
Posted May 18, 2021
Authored by Benjamin M. Romer

Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-3492
MD5 | 11f882d05f16be2e019af1cb83ac015b
Kernel Live Patch Security Notice LSN-0076-1
Posted May 3, 2021
Authored by Benjamin M. Romer

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, x86, kernel, local
systems | linux
advisories | CVE-2021-29154, CVE-2021-3493
MD5 | b564ede11c90d1a439897db81efbd24b
Kernel Live Patch Security Notice LSN-0075-1
Posted Apr 7, 2021
Authored by Benjamin M. Romer

Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory). It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2020-27170, CVE-2020-27171, CVE-2020-29372, CVE-2020-29374, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3444
MD5 | 485d57e139e0096fac110f9ec89736de
Kernel Live Patch Security Notice LSN-0074-1
Posted Feb 1, 2021
Authored by Benjamin M. Romer

Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

tags | advisory, remote, kernel, local
systems | linux
advisories | CVE-2020-0427, CVE-2020-12352, CVE-2020-25645, CVE-2020-28374
MD5 | 6330d3eeacc7aa6e678f919eefeb140b
Kernel Live Patch Security Notice LSN-0073-1
Posted Oct 26, 2020
Authored by Benjamin M. Romer

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow.

tags | advisory, overflow, kernel
systems | linux
advisories | CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
MD5 | 1e0505580aae17da92a460e9eaf6f826
Kernel Live Patch Security Notice LSN-0072-1
Posted Oct 14, 2020
Authored by Benjamin M. Romer

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). Other issues where also addressed.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2020-0067, CVE-2020-11494, CVE-2020-11935, CVE-2020-12114, CVE-2020-14386, CVE-2020-16119, CVE-2020-16120
MD5 | 14f02287095aa69b1f4a060649c3f887
Kernel Live Patch Security Notice LSN-0071-1
Posted Sep 10, 2020
Authored by Benjamin M. Romer

A security issue was fixed in the 4.15 kernel. This issue affects the 5.4 kernel as well, but a livepatch is not yet available. While work is continuing to develop livepatches for all affected kernels, due to the severity of the issue, they are releasing patches as they become ready. Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2020-14386
MD5 | 4437085dab38579a25ce71c982fffd06
Kernel Live Patch Security Notice LSN-0065-1
Posted Apr 15, 2020
Authored by Benjamin M. Romer

Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2013-1798, CVE-2019-3016, CVE-2020-8428
MD5 | 447f0d1c5c178b42193ae361cc92d87a
Kernel Live Patch Security Notice LSN-0064-1
Posted Mar 19, 2020
Authored by Benjamin M. Romer

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information.

tags | advisory, kernel
systems | linux
advisories | CVE-2020-2732
MD5 | 951ac2ddda0402fb80ea73acdceeffb9
Kernel Live Patch Security Notice LSN-0063-1
Posted Feb 20, 2020
Authored by Benjamin M. Romer

Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2019-14615, CVE-2019-19050, CVE-2019-20096, CVE-2019-5108, CVE-2020-7053
MD5 | 905a4d92f08ee676e7aa0579c14131b9
Kernel Live Patch Security Notice LSN-0062-1
Posted Feb 3, 2020
Authored by Benjamin M. Romer

It was discovered that the binder IPC implementation in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2019-14615, CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901, CVE-2019-18885, CVE-2019-2214
MD5 | 03710b8e9efb16ac3a585bc63c8f8279
Kernel Live Patch Security Notice LSN-0061-1
Posted Jan 8, 2020
Authored by Benjamin M. Romer

It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux
advisories | CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901, CVE-2019-15794
MD5 | 2404d344042300ad2596b5f12fd94aaa
Kernel Live Patch Security Notice LSN-0059-1
Posted Nov 13, 2019
Authored by Benjamin M. Romer

On November 12, fixes for several high-severity Intel processor CVEs were released into the Ubuntu kernel, accompanied by a related processor microcode update. Due to the high complexity of the fixes and the required microcode update, we are unable to livepatch this set of CVEs. Please plan to reboot into an updated kernel as soon as possible. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135
MD5 | 06b34393d5a55669f944e67227b98bc7
Kernel Live Patch Security Notice LSN-0058-1
Posted Oct 23, 2019
Authored by Benjamin M. Romer

It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846
MD5 | aa1b2d5e0e41264715ab20ee76ffa47d
Kernel Live Patch Security Notice LSN-0056-1
Posted Sep 23, 2019
Authored by Benjamin M. Romer

Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux
advisories | CVE-2019-14835
MD5 | 4445ce7fa5ca560dafec0ff9b45ccb45
Kernel Live Patch Security Notice LSN-0055-1
Posted Sep 7, 2019
Authored by Benjamin M. Romer

It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2018-20856, CVE-2019-10207, CVE-2019-11478, CVE-2019-13233, CVE-2019-14283, CVE-2019-14284
MD5 | 024d77eed49a23432c14adc8f067c9ad
Kernel Live Patch Security Notice LSN-0054-1
Posted Aug 28, 2019
Authored by Benjamin M. Romer

It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities have also been addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2018-1129, CVE-2019-10126, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13272, CVE-2019-2101, CVE-2019-3846
MD5 | 1de971967f43f22fa4ee2b9590b93d64
Kernel Live Patch Security Notice LSN-0053-1
Posted Jul 29, 2019
Authored by Benjamin M. Romer

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2011-1079, CVE-2011-11833, CVE-2011-11884, CVE-2019-11815, CVE-2019-2054
MD5 | 5d39e34bd8b180177429a30ccd754900
Kernel Live Patch Security Notice LSN-0052-1
Posted Jun 19, 2019
Authored by Benjamin M. Romer

Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, overflow, kernel, tcp
systems | linux
advisories | CVE-2019-11477, CVE-2019-11478
MD5 | 12a0c55fcb16b10cd0ab60c500a5dbda
Kernel Live Patch Security Notice LSN-0051-1
Posted May 15, 2019
Authored by Benjamin M. Romer

On May 14, fixes for CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 were released into the Ubuntu Xenial and Bionic kernels. These CVEs are security vulnerabilities caused by flaws in the design of speculative execution hardware in the computer's CPU. Researchers discovered that memory contents previously stored in microarchitectural buffers of an Intel CPU core may be visible to other processes running on the same core.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
MD5 | 0069e998c074055e86da45d0805d391d
Kernel Live Patch Security Notice LSN-0046-1
Posted Dec 20, 2018
Authored by Benjamin M. Romer

It was discovered that an integer overflow vulnerability existed in the CDRom driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux
advisories | CVE-2017-5753, CVE-2018-10880, CVE-2018-10902, CVE-2018-14734, CVE-2018-16276, CVE-2018-16658, CVE-2018-18445, CVE-2018-18690, CVE-2018-18710, CVE-2018-9363
MD5 | 62b6f4b7e6e1fd65e163f970baba56dc
Page 1 of 2
Back12Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    13 Files
  • 24
    Sep 24th
    10 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close