exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2017-18344

Status Candidate

Overview

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).

Related Files

Red Hat Security Advisory 2018-3591-01
Posted Nov 14, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3591-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2017-18344, CVE-2018-14634
SHA-256 | ccf8060e03ef67ab708802c8654d1b6d77da8af66f7e306750e5d6334f9a4f25
Red Hat Security Advisory 2018-3590-01
Posted Nov 14, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3590-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-18344, CVE-2018-10675, CVE-2018-14634, CVE-2018-5391
SHA-256 | e1f32d161373ab4335bdb583d19868b2299507b80221f4b698d47f09a7185dc2
Red Hat Security Advisory 2018-3540-01
Posted Nov 14, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3540-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-18344, CVE-2018-10675, CVE-2018-14634, CVE-2018-5391
SHA-256 | 633aabe29b1e0f5d6bf768e3c3ce4393d827ebe23a55fe636f36ccbc25c9b3d7
Red Hat Security Advisory 2018-3586-01
Posted Nov 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3586-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-18344, CVE-2018-10675, CVE-2018-14634, CVE-2018-5391
SHA-256 | e0009f6e82725aa1e1293a06230a2d8f2162605ab1319eabab34e2054abbd3fd
Red Hat Security Advisory 2018-3459-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3459-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2017-18344, CVE-2018-5391
SHA-256 | d9ed013caefaafa615d8575f93905b3db590cc43ed285904b04b65724c310165
Red Hat Security Advisory 2018-2948-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2948-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer overflow, bypass, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-13166, CVE-2017-16648, CVE-2017-17805, CVE-2017-17806, CVE-2017-18075, CVE-2017-18208, CVE-2017-18344, CVE-2018-1000026, CVE-2018-1000200, CVE-2018-1000204, CVE-2018-10322, CVE-2018-1065, CVE-2018-1068, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1095, CVE-2018-1118, CVE-2018-1120
SHA-256 | b5ac1428b03d1ab918a3b26b7b8a361284bcfa618164f1b2afd1b27d505a0549
Red Hat Security Advisory 2018-3083-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3083-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740
SHA-256 | 51bb55b468c741de6d34c15b15988a77197b07fcb781827141ad9999e1700fdc
Red Hat Security Advisory 2018-3096-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3096-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740
SHA-256 | 7f59a96ea0227aec7452145ed2d1a67c0ed1e187e5b7fdd0814bef1fa260bd64
Ubuntu Security Notice USN-3742-3
Posted Aug 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3742-3 - USN-3742-2 introduced mitigations in the Linux Hardware Enablement kernel for Ubuntu 12.04 ESM to address L1 Terminal Fault vulnerabilities. Unfortunately, the update introduced regressions that caused kernel panics when booting in some environments as well as preventing Java applications from starting. This update fixes the problems. Various other issues were also addressed.

tags | advisory, java, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18344, CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
SHA-256 | 117ca5698e3423dcf9d211649ddf4777ad1e2cebd10deb52b0430ebb6315d012
Ubuntu Security Notice USN-3742-2
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3742-2 - USN-3742-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 for Ubuntu 12.04 ESM. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18344, CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
SHA-256 | fb6596a35a24622812cff1ed302b520e11da3ba722f0c644f087c285bc64787d
Ubuntu Security Notice USN-3742-1
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3742-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-18344, CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
SHA-256 | c035bba325d96f94a43d62767f3c94a54df04c540dd08cb90ddde8af1e49cf84
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) Arbitrary File Read
Posted Aug 9, 2018
Authored by Andrey Konovalov

Linux Kernel version 4.14.7 (Ubuntu 16.04 / CentOS 7) arbitrary file read exploit with KASLR and SMEP bypass.

tags | exploit, arbitrary, kernel
systems | linux, ubuntu, centos
advisories | CVE-2017-18344
SHA-256 | 1ae85ec6d04c32f099ad5a0ffd9c537802c71e873dfb28f79abf9a426f8557a6
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close