exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2024-26923

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutive passes of scan_children() may see a different set of children. Leading to an incorrectly elevated inflight count, and then a dangling pointer within the gc_inflight_list. sockets are AF_UNIX/SOCK_STREAM S is an unconnected socket L is a listening in-flight socket bound to addr, not in fdtable V's fd will be passed via sendmsg(), gets inflight count bumped connect(S, addr) sendmsg(S, [V]); close(V) __unix_gc() ---------------- ------------------------- ----------- NS = unix_create1() skb1 = sock_wmalloc(NS) L = unix_find_other(addr) unix_state_lock(L) unix_peer(S) = NS // V count=1 inflight=0 NS = unix_peer(S) skb2 = sock_alloc() skb_queue_tail(NS, skb2[V]) // V became in-flight // V count=2 inflight=1 close(V) // V count=1 inflight=1 // GC candidate condition met for u in gc_inflight_list: if (total_refs == inflight_refs) add u to gc_candidates // gc_candidates={L, V} for u in gc_candidates: scan_children(u, dec_inflight) // embryo (skb1) was not // reachable from L yet, so V's // inflight remains unchanged __skb_queue_tail(L, skb1) unix_state_unlock(L) for u in gc_candidates: if (u.inflight) scan_children(u, inc_inflight_move_tail) // V count=1 inflight=2 (!) If there is a GC-candidate listening socket, lock/unlock its state. This makes GC wait until the end of any ongoing connect() to that socket. After flipping the lock, a possibly SCM-laden embryo is already enqueued. And if there is another embryo coming, it can not possibly carry SCM_RIGHTS. At this point, unix_inflight() can not happen because unix_gc_lock is already taken. Inflight graph remains unaffected.

Related Files

Ubuntu Security Notice USN-6926-3
Posted Aug 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6926-3 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-46343, CVE-2023-52436, CVE-2023-52444, CVE-2023-52449, CVE-2023-52469, CVE-2023-52752, CVE-2024-25739, CVE-2024-25744, CVE-2024-26857, CVE-2024-26882, CVE-2024-26923, CVE-2024-27020, CVE-2024-35978, CVE-2024-35997
SHA-256 | 67f80c016324f30ff3664a941b9a12abe1b24c7c9def9edb0d9cde6176d5315c
Download | Favorite | View
Ubuntu Security Notice USN-6926-2
Posted Aug 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6926-2 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-46343, CVE-2023-52435, CVE-2023-52436, CVE-2023-52443, CVE-2023-52444, CVE-2023-52449, CVE-2023-52752, CVE-2024-25739, CVE-2024-25744, CVE-2024-26882, CVE-2024-26901, CVE-2024-26923, CVE-2024-27020, CVE-2024-35978
SHA-256 | 2d46229c1bb410100a951de8431f990f91bf51ba7ec8b3772ca11b05a1a2247c
Download | Favorite | View
Ubuntu Security Notice USN-6926-1
Posted Jul 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6926-1 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-46343, CVE-2023-52436, CVE-2023-52444, CVE-2023-52449, CVE-2023-52469, CVE-2023-52752, CVE-2024-25739, CVE-2024-25744, CVE-2024-26857, CVE-2024-26882, CVE-2024-26923, CVE-2024-27020, CVE-2024-35978, CVE-2024-35997
SHA-256 | 5946767f63c59a1b35d467132768a7ffe22b7db995b64fbe9e4a10be86c172d9
Download | Favorite | View
Ubuntu Security Notice USN-6918-1
Posted Jul 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6918-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52699, CVE-2024-26811, CVE-2024-26817, CVE-2024-26922, CVE-2024-26923, CVE-2024-26924, CVE-2024-26928, CVE-2024-26980, CVE-2024-26981, CVE-2024-26982, CVE-2024-26983, CVE-2024-26986, CVE-2024-26989, CVE-2024-26990
SHA-256 | 947dc6ce3cec3cdfef479e2eb5fb7d19c77151dd763924f5af72f2e51a47fe3b
Download | Favorite | View
Ubuntu Security Notice USN-6893-3
Posted Jul 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6893-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52699, CVE-2024-26811, CVE-2024-26923, CVE-2024-26926, CVE-2024-26936, CVE-2024-26980, CVE-2024-26981, CVE-2024-26983, CVE-2024-26985, CVE-2024-26987, CVE-2024-26988, CVE-2024-26989, CVE-2024-26991, CVE-2024-26992
SHA-256 | 7f62f78668bc36911b1f96b40c020e8124cd85ad4a7b7ca69e27900327bdb441
Download | Favorite | View
Ubuntu Security Notice USN-6893-2
Posted Jul 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6893-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52699, CVE-2024-26811, CVE-2024-26817, CVE-2024-26923, CVE-2024-26926, CVE-2024-26928, CVE-2024-26936, CVE-2024-26982, CVE-2024-26983, CVE-2024-26984, CVE-2024-26987, CVE-2024-26988, CVE-2024-26991, CVE-2024-26992
SHA-256 | 5a85950f4abbb032116aaee6852d49df3aa64a4a911cfe8aa786c9e093fa3440
Download | Favorite | View
Ubuntu Security Notice USN-6898-1
Posted Jul 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6898-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-38096, CVE-2023-52880, CVE-2024-23307, CVE-2024-24861, CVE-2024-25739, CVE-2024-26642, CVE-2024-26654, CVE-2024-26687, CVE-2024-26812, CVE-2024-26813, CVE-2024-26828, CVE-2024-26923, CVE-2024-26926, CVE-2024-26934
SHA-256 | ee181d7c57544b38471cdfdd8a2ee4fb18baf1502aad94b568edad8babad667d
Download | Favorite | View
Ubuntu Security Notice USN-6893-1
Posted Jul 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6893-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52699, CVE-2024-26811, CVE-2024-26817, CVE-2024-26922, CVE-2024-26923, CVE-2024-26925, CVE-2024-26928, CVE-2024-26936, CVE-2024-26980, CVE-2024-26981, CVE-2024-26983, CVE-2024-26984, CVE-2024-26985, CVE-2024-26987
SHA-256 | c921ec1fdc787bcf1c8e45327ee5c68db46fe1646615a3ebdea7f0e104640d54
Download | Favorite | View
Debian Security Advisory 5680-1
Posted May 7, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5680-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2024-26605, CVE-2024-26817, CVE-2024-26922, CVE-2024-26923, CVE-2024-26924, CVE-2024-26925, CVE-2024-26926, CVE-2024-26936, CVE-2024-26939, CVE-2024-26980, CVE-2024-26981, CVE-2024-26983, CVE-2024-26984, CVE-2024-26987
SHA-256 | 7fd70cae13607fa2096b0081a446ea326e11bc606c6b954441875225d5c5e703
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    18 Files
  • 14
    Aug 14th
    50 Files
  • 15
    Aug 15th
    33 Files
  • 16
    Aug 16th
    23 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close