exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

CVE-2016-4578

Status Candidate

Overview

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

Related Files

Linux Kernel 4.4 (Ubuntu 16.04) snd_timer_user_ccallback() Kernel Pointer Leak
Posted Mar 11, 2019
Authored by Wally0813

Linux Kernel version 4.4 (Ubuntu 16.04) suffers from a snd_timer_user_ccallback() kernel pointer leak vulnerability.

tags | exploit, kernel
systems | linux, ubuntu
advisories | CVE-2016-4578
SHA-256 | c02d5c6107b8268f368eaa7acad7eef444f4482a3ced9cf9216e83faa22ec1b9
Red Hat Security Advisory 2016-2584-02
Posted Nov 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2584-02 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service via a crafted sendmsg system call.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8746, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2015-8956, CVE-2016-2053, CVE-2016-2069, CVE-2016-2117, CVE-2016-2384, CVE-2016-2847, CVE-2016-3070, CVE-2016-3156, CVE-2016-3699, CVE-2016-3841, CVE-2016-4569, CVE-2016-4578, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480
SHA-256 | 88a2bd8c0f30988120dd0ca735846a15c63a1e9c06edc72ce61959751724fbc4
Red Hat Security Advisory 2016-2574-02
Posted Nov 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2574-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service via a crafted sendmsg system call.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8746, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2015-8956, CVE-2016-2053, CVE-2016-2069, CVE-2016-2117, CVE-2016-2384, CVE-2016-2847, CVE-2016-3070, CVE-2016-3156, CVE-2016-3699, CVE-2016-3841, CVE-2016-4569, CVE-2016-4578, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480
SHA-256 | a58b7b5d58e92d5a084026c53f5461e431441e86891787922c799b50ae4376ed
Ubuntu Security Notice USN-3016-4
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3016-4 - USN-3016-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | 8b422961da61bd3f40b99e99fad351371bb6609bb98f432f77cc11d8d554d24b
Ubuntu Security Notice USN-3017-3
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3017-3 - USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | a1beb623f5e33a2e8c161fd6cca966622aa0882f56c90c2404ac48f36c15fc9b
Ubuntu Security Notice USN-3021-2
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3021-2 - Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-3951, CVE-2016-4482, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4805, CVE-2016-4913
SHA-256 | a1920ccfc4f4c6e5f276bfd5d75431b8b3ae7cb57f8387df52a131fbfbe2120f
Ubuntu Security Notice USN-3021-1
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3021-1 - Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-3951, CVE-2016-4482, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4805, CVE-2016-4913
SHA-256 | a58aea903cc903ad65202dc2ce64c473a75d915b0fa02a508452f77673343643
Ubuntu Security Notice USN-3020-1
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3020-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | 54f83afa154640f8024df9abd28aa401d3608933d58a98291d2ff9437c61ffc3
Ubuntu Security Notice USN-3018-2
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3018-2 - USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4997, CVE-2016-4998
SHA-256 | 967ed36586a074ad56c5537a86344439a141220272f76359ff378d22c3a93cd7
Ubuntu Security Notice USN-3019-1
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3019-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4997, CVE-2016-4998
SHA-256 | 9290b489b84336a68219bbf34af20a42bbcb89266e0f5470f3726d9949ced727
Ubuntu Security Notice USN-3018-1
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3018-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4997, CVE-2016-4998
SHA-256 | 19b9ec27b0226f3c7b7630645b541791cdab6e5d2596d808843adf1e12571f08
Ubuntu Security Notice USN-3017-1
Posted Jun 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3017-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | 79f36f91ab71a9288eb4ac5bd94a84055fe207a3b8ffde26e2b998bac448de0b
Ubuntu Security Notice USN-3017-2
Posted Jun 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3017-2 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | 9a2ae0d9a1ce7f3c114d1711ce02b4e07a2fdfe9dd0b82dad517fe7ff5247145
Ubuntu Security Notice USN-3016-3
Posted Jun 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3016-3 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | 4a46c330fbc5d59fcecbb0755e870ff87b7bc2891a32e3f9e0bc14cf19ac7aa1
Ubuntu Security Notice USN-3016-2
Posted Jun 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3016-2 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | 3b960ba01dd7b794aef265df87941a0121a7b266f1c50456a9f279d9ccd0c927
Ubuntu Security Notice USN-3016-1
Posted Jun 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3016-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | b7b6569c094d6e250336c05cb6c8a2054aae6090826ed99ebac47b7a65fba9bd
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close