exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2024-26603

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Stop relying on userspace for info to fault in xsave buffer Before this change, the expected size of the user space buffer was taken from fx_sw->xstate_size. fx_sw->xstate_size can be changed from user-space, so it is possible construct a sigreturn frame where: * fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures. * user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer required by xrstor is accessible. In this case, xrstor tries to restore and accesses the unmapped area which results in a fault. But fault_in_readable succeeds because buf + fx_sw->xstate_size is within the still mapped area, so it goes back and tries xrstor again. It will spin in this loop forever. Instead, fault in the maximum size which can be touched by XRSTOR (taken from fpstate->user_size). [ dhansen: tweak subject / changelog ]

Related Files

Ubuntu Security Notice USN-6895-4
Posted Aug 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6895-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52631, CVE-2023-52637, CVE-2023-52642, CVE-2023-52643, CVE-2023-52880, CVE-2023-6270, CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26606
SHA-256 | 5abbf5bf5626f5254f4e45c8a2e156eed0e1819bb69d45b4255f18556cc62da1
Download | Favorite | View
Ubuntu Security Notice USN-6895-3
Posted Jul 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6895-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52631, CVE-2023-52637, CVE-2023-52638, CVE-2023-52643, CVE-2023-6270, CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861, CVE-2024-26593, CVE-2024-26600, CVE-2024-26601, CVE-2024-26602, CVE-2024-26603
SHA-256 | c2cdeb8147a5ff711973b3c8fee175db573062bd9897685481c20a336ce711eb
Download | Favorite | View
Ubuntu Security Notice USN-6900-1
Posted Jul 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6900-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52631, CVE-2023-52638, CVE-2023-52643, CVE-2023-52645, CVE-2023-52880, CVE-2023-6270, CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861, CVE-2024-26593, CVE-2024-26600, CVE-2024-26603, CVE-2024-26642
SHA-256 | e97da32f17a29fe4696411be940643a9db1b1d29119fc6286db6efced74e2225
Download | Favorite | View
Ubuntu Security Notice USN-6895-2
Posted Jul 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6895-2 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52631, CVE-2023-52637, CVE-2023-52638, CVE-2023-52643, CVE-2023-6270, CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861, CVE-2024-26593, CVE-2024-26601, CVE-2024-26602, CVE-2024-26603, CVE-2024-26642
SHA-256 | cb98f5e56d9db06a20eb3399970fe6e4dd6d1c03b16d42a3b8b246d6254a725f
Download | Favorite | View
Ubuntu Security Notice USN-6895-1
Posted Jul 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6895-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52631, CVE-2023-52638, CVE-2023-52642, CVE-2023-52643, CVE-2023-52645, CVE-2023-6270, CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861, CVE-2024-26593, CVE-2024-26603, CVE-2024-26606, CVE-2024-26642
SHA-256 | 13204fe1d646093191f86b432d013bd53e9fab0b9ef81134435e8e12af260d6a
Download | Favorite | View
Ubuntu Security Notice USN-6821-4
Posted Jun 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6821-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52434, CVE-2023-52447, CVE-2023-52640, CVE-2023-52641, CVE-2023-52644, CVE-2023-52645, CVE-2023-52650, CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-22099, CVE-2024-26583, CVE-2024-26584, CVE-2024-26603
SHA-256 | 005197f93f9635a71a9d722ed30f7f10170a59d2fc5bf3241cc4fd1eef53f94e
Download | Favorite | View
Ubuntu Security Notice USN-6821-3
Posted Jun 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6821-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52434, CVE-2023-52447, CVE-2023-52620, CVE-2023-52640, CVE-2023-52641, CVE-2023-52645, CVE-2023-52650, CVE-2023-52662, CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-22099, CVE-2024-26583, CVE-2024-26603
SHA-256 | aae6b5f7c1a02571eceaa675caf0e3f9084a4a26a6ccfb4410f9c4ea33879bdd
Download | Favorite | View
Ubuntu Security Notice USN-6821-2
Posted Jun 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6821-2 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52434, CVE-2023-52447, CVE-2023-52620, CVE-2023-52640, CVE-2023-52641, CVE-2023-52645, CVE-2023-52650, CVE-2023-52662, CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-22099, CVE-2024-26583, CVE-2024-26603
SHA-256 | c0d502aabcbbf1e5adcf7965d701523eed1192f64932ac780a636cf8bf6e2746
Download | Favorite | View
Ubuntu Security Notice USN-6821-1
Posted Jun 10, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6821-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52434, CVE-2023-52447, CVE-2023-52620, CVE-2023-52640, CVE-2023-52641, CVE-2023-52645, CVE-2023-52650, CVE-2023-52662, CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-22099, CVE-2024-26583, CVE-2024-26603
SHA-256 | 6bfa3dcb7b71737d5c685bfda62b611297eb2a3e245d5048438c44e66d077a4e
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close